MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Stealc

Vendor detections: 18

Intelligence 18 IOCs 1 YARA 14 File information Comments

SHA256 hash:	0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253
SHA3-384 hash:	b22d20f609ce243fa6b48ab7283009066ca8907b8979a17e4eaf92bcaac39c2160ed16625cb48acd65bf29726be4b73b
SHA1 hash:	3910f18bd957d7e70b063233e613514d868c2410
MD5 hash:	e2d51e426aefafcaa2064691c920e282
humanhash:	nuts-snake-low-florida
File name:	x0267f046308eb37ee48f932dce3ed33d578fc7e4bec5.exe
Download:	download sample
Signature	Stealc Create hunting rule
File size:	2'621'440 bytes
First seen:	2026-03-09 10:05:27 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	21829bcb83e2224c2104cf7cefe96c53 (8 x RedLineStealer, 3 x Stealc, 2 x CoinMiner)
ssdeep	12288:oDAkyWb+BEzNquZuAkvHM3GL9WsgJvJafWFwURUVzfB:QPxDRLZunvsm8Jaiwx
Threatray	98 similar samples on MalwareBazaar
TLSH	T1F2C5C683A2930455E14AB370B54D01D59781EEA205E4BBBFA8F2FE683FA41441FF3A57
TrID	46.9% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 9.8% (.EXE) Win64 Executable (generic) (6522/11/2) 7.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.7% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	abuse_ch
Tags:	exe Stealc

abuse_ch

Stealc C2:
http://joscramp.top/410b5129171f10ea.php

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://joscramp.top/410b5129171f10ea.php	https://threatfox.abuse.ch/ioc/1094220/

Intelligence

File Origin

# of uploads :

# of downloads :

141

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

AceCryptor Stealc

Details

AceCryptor

an extracted shellcode loader component and a TEA decryption key

AceCryptor

an extracted payload

AceCryptor

an extracted shellcode loader component and the ms_c_rand-XOR seed

Stealc

decrypted strings, an RC4 key, c2 url, url paths, and possibly a missionid and a separate network RC4 key

Link:

https://research.acce.ciphertechsolutions.com/results/9d48b0c1-59c1-4ee5-ac65-f5783fa81a10/

Malware family:

n/a

ID:

File name:

x0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253.exe

Verdict:

Malicious activity

Analysis date:

2026-03-08 22:55:02 UTC

Tags:

stealc stealer

Link:

https://app.any.run/tasks/8b7d737b-f633-494b-a3d6-8a6c08c6b758

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Stealc

Link:

https://www.capesandbox.com/analysis/56766/

Detection(s):

Sanesecurity.Malware.29155.BadIN.UNOFFICIAL

Win.Packer.pkr_ce1a-9980177-0

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69adfe46e5dc8e2b2c313f8d

Tags:

injection gandcrab

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

amadey crypt fingerprint installer-heuristic krypt lockbit microsoft_visual_cc overlay packed

Link:

https://www.filescan.io/uploads/69ae9b9b10e80629d4045e0a/reports/9a3acd7d-61c6-4093-9cbe-438a2cd80d61/overview

Verdict:

Malicious

Labled as:

Mint.Zard.Generic

Link:

https://www.hybrid-analysis.com/sample/0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253

Verdict:

Malicious

File Type:

exe x32

Detections:

Trojan-PSW.Win32.Stealerc.sb Trojan.Win32.Zenpak.sb Trojan.Win32.Yakes.sb Trojan.Win32.Strab.sb Trojan.Win32.Chapak.sb HEUR:Trojan-PSW.Win32.Stealerc.gen HEUR:Trojan.Win32.Convagent.gen

Link:

https://opentip.kaspersky.com/0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253/results?tab=lookup

Malware family:

Stealc

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/430e8532-789e-4625-b26d-dcd266f77e06

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1880469

Signature

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found evasive API chain (may stop execution after checking locale)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Unusual module load detection (module proxying)

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253/

Verdict:

Malicious

Threat:

Family.STEALC

Link:

https://tip.neiki.dev/file/0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253

Threat name:

Win32.Trojan.MintZard

Status:

Malicious

First seen:

2026-03-08 15:02:28 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

23 of 23 (100.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ajt7arrqr2zx5zepsmw44pwthvly7r7ex3c3ete3qrnmikuqejjq._file

Verdict:

malicious

Label(s):

shellcode_loader_002

stealc

Stealc

64b0d4ff01dc13572b748c0caa19d797aa6841994a90e5643d23dd5c692c0f17

Stealc

8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19

Stealc

9e1cc2a7e7a7cc723e5b5f7a8c168444dbe69250621ab831d255cef422a5b210

Stealc

d235538772b86e3ef1e4cd2f00d4b7931c8bc622d29aad39b7e3a6a465a1c669

Stealc

db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c

Stealc

f9065a3e8905c4433fb9df4dbff6a8c6645cfb12291dcdc1a3e7148f46e2762e

Stealc

+ 88 additional samples on MalwareBazaar

Result

Malware family:

stealc

Score:

10/10

Tags:

family:stealc botnet:3 discovery stealer

Link:

https://tria.ge/reports/260309-l47y7adx6r/

Behaviour

Program crash

System Location Discovery: System Language Discovery

Stealc

Stealc family

Malware Config

C2 Extraction:

http://joscramp.top

Unpacked files

SH256 hash:

0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253

MD5 hash:

e2d51e426aefafcaa2064691c920e282

SHA1 hash:

3910f18bd957d7e70b063233e613514d868c2410

Link:

https://www.unpac.me/results/4c88d0a1-399a-4051-bfd8-5eb79ee187cb/

SH256 hash:

a9200cfb3565dabeee166a35586b5edd13cc491ed670a71f9e8c1300b563c178

MD5 hash:

bb6d0cfa9f73349ee6fde707cbba6084

SHA1 hash:

f64d83af428552031462819894c7eca94c89dbda

Detections:

win_stealc_auto

win_stealc_a0

Win32_Infostealer_StealC

Link:

https://www.unpac.me/results/4c88d0a1-399a-4051-bfd8-5eb79ee187cb/

Parent samples :

f639530345c52597fc8d4f6ccc98b71f03088a0c330a7df97cf4e3099da918b1
5dfb1e4c32c994d72e8a7553a3bde80ba2e35e5dc4c38553effa8331849297a9
d25cffb62ca775b060887e2943ddfafe2b183f038e2e416b637fe51853185ddd
87314838047125700260d065feaef4202abb6dd60dba26890ce8a759aef3079e
db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c
0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0267f046308eb37ee48f932dce3ed33d578fc7e4bec5b24c9b845ac42a902253

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	infostealer_win_stealc_standalone Create hunting rule
Description:	Find standalone Stealc sample based on decryption routine or characteristic strings
Reference:	https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/

Rule name:	malware_Stealc_str Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	Stealc infostealer

Rule name:	Stealc Create hunting rule
Author:	kevoreilly
Description:	Stealc Payload

Rule name:	Suspicious_Process Create hunting rule
Author:	Security Research Team
Description:	Suspicious process creation

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	Win32_Infostealer_StealC Create hunting rule
Author:	ReversingLabs
Description:	Yara rule that detects StealC infostealer.

Rule name:	Windows_Trojan_Generic_2993e5a5 Create hunting rule
Author:	Elastic Security

Rule name:	Windows_Trojan_Stealc_a2b71dc4 Create hunting rule
Author:	Elastic Security

Rule name:	Windows_Trojan_Vidar_c374cd85 Create hunting rule
Author:	Elastic Security

Rule name:	win_stealc_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.stealc.

Rule name:	win_stealc_w0 Create hunting rule
Author:	crep1x
Description:	Find standalone Stealc sample based on decryption routine or characteristic strings
Reference:	https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/56766/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample