Extracted

• • Target

    ea21f591a31754a8d327f905bccfca2f.exe

  • Size

    364KB

  • MD5

    ea21f591a31754a8d327f905bccfca2f

  • SHA1

    576b00213e4c05a4a4fdad1b54d9e6ce725b4f5f

  • SHA256

    4768efd3769c4525cb2230482561c0fb0df37802d247f0bfea1f713a8561ad61

  • SHA512

    d9ba855b9c9a4344e6c4d584de2962f2e1175a2c98095dde389ce41e8a8b9211b16cc3a0862c86e2f35e7923cf3699d2ca5e1558aa40fb9d65e70a8b731c3670

  • SSDEEP

    6144:RDKW1Fgbdl0TBBvjc/9gcrPhMINuFdGohgvwhGRz4JDw+mbIpKXJsg+TW:hh1Fk70TnvjcFPOINuXGjiGl4JcPbIYT

  Score

  10^/10

  stealcdiscoveryspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2