MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Stealc


Vendor detections: 14


Intelligence 14 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7
SHA3-384 hash: 4309e92cd766fca5e7e6adf58a71f4e41a2c03d93681649277d9e5f2402cd85aa41116f87a018dc9359b1ba63a7677c6
SHA1 hash: 7277c32465833b8146cbb896341d7fc35b109b8b
MD5 hash: a61025e3511cf9700a38e681a1fcdc81
humanhash: fish-romeo-quiet-leopard
File name:file
Download: download sample
Signature Stealc
Create hunting rule
File size:1'835'008 bytes
First seen:2026-06-25 11:05:34 UTC
Last seen:2026-06-25 12:06:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4cea7ae85c87ddc7295d39ff9cda31d1 (103 x LummaStealer, 85 x RedLineStealer, 62 x Rhadamanthys)
ssdeep 49152:kHvvt08QyfTNQp7wOxmLwMYIuxuCpI5jpY3gGeoj8rEkfN:8v6uQVSY2mijggGeoYr5
TLSH T135852315A3E4E06AE0B5237488F6C08A9A317CB28A3C665F32D87E3F1D735D69631F15
TrID 45.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
18.0% (.EXE) Win64 Executable (generic) (6522/11/2)
13.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.6% (.ICL) Windows Icons Library (generic) (2059/9)
5.6% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
dhash icon 01030317170d1b5a (1 x Stealc)
Reporter Bitsight
Tags:D dropped-by-gcleaner EU0.file exe Stealc


Avatar
Bitsight
url: http://158.94.209.95/service

Intelligence

File Origin
# of uploads :
2
# of downloads :
152
Origin country :
US US
Vendor Threat Intelligence
Malware configuration found for:
Archives AutoIt
Details
Link:
https://research.acce.ciphertechsolutions.com/results/50b377a0-28c6-41fd-9e38-0f4cf9b78f0d/
Malware family:
n/a
ID:
1
File name:
_07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7.exe
Verdict:
Malicious activity
Analysis date:
2026-06-25 11:08:37 UTC
Tags:
generic autoit stealc stealer
Link:
https://app.any.run/tasks/c6075f72-3149-4aa1-b57f-0131b79fe330

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71923/
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.118500.19246.15215.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a3d0b9e1548daf709f9aef8
Tags:
autoit emotet
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Creating a window
DNS request
Unauthorized injection to a recently created process
Сreating synchronization primitives
Deleting a recently created file
Connection attempt
Unauthorized injection to a recently created process by context flags manipulation
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-debug autoit CAB expired-cert explorer fingerprint installer installer installer-heuristic keylogger lolbin microsoft_visual_cc packed reconnaissance rundll32 runonce sfx
Link:
https://www.filescan.io/uploads/6a3d0b964dca8c24a596e5eb/reports/5fb49791-cc41-4c51-9acd-aa6599fb646b/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7
Verdict:
Unknown
File Type:
exe x64
Link:
https://opentip.kaspersky.com/07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/af65e2d5-cb6e-4ba5-94b0-e64e216abebc
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7/
Verdict:
Malicious
Threat:
Family.STEALC
Link:
https://tip.neiki.dev/file/07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-06-25 11:06:03 UTC
File Type:
PE+ (Exe)
Extracted files:
67
AV detection:
8 of 36 (22.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a7gcfqo3fm42p7bqlcyc5qksewzjixsim2u2b2clr5zwokxjxtlq._file
Result
Malware family:
stealc
Create hunting rule
Score:
  10/10
Tags:
family:stealc botnet:user123cao discovery spyware stealer
Link:
https://tria.ge/reports/260625-m7cg5aa15y/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Executes dropped EXE
Reads WinSCP keys stored on the system
Reads user/profile data of web browsers
Family: Stealc
Malware Config
C2 Extraction:
http://64.89.161.67/3b250ef3f9e542adadfb.php
Unpacked files
SH256 hash:
07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7
MD5 hash:
a61025e3511cf9700a38e681a1fcdc81
SHA1 hash:
7277c32465833b8146cbb896341d7fc35b109b8b
Link:
https://www.unpac.me/results/fd5c3310-8716-4e8f-b1ef-b23141d5ddb2/
SH256 hash:
92c6531a09180fae8b2aae7384b4cea9986762f0c271b35da09b4d0e733f9f45
MD5 hash:
8fa52f316c393496f272357191db6deb
SHA1 hash:
b1ff3d48a3946ca7786a84e4a832617cd66fa3b9
Link:
https://www.unpac.me/results/fd5c3310-8716-4e8f-b1ef-b23141d5ddb2/
Parent samples :
92c6531a09180fae8b2aae7384b4cea9986762f0c271b35da09b4d0e733f9f45
61e49a19884c9d3d22ea4516a24d2a15c77325f7c57da4c5cae232369281dc98
375b35499333d8cd0823f64a4624b4106fdd15839ad0439aeb02353cdab4ed61
7b8526752f7a9580fc6ee88c35c8df39ef69ba1ab4241bba1fad1fb44c80a7a5
d421cda5ce74477bcc1e0b7f02ad75a5ae7fd53811922e2113ebdba61719f973
c5ab1d48b2971f2b7f070a88d8e308f8e2b6bc2f143f74e15016ad52049e9223
Malware family:
Stealc
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/07cc22c1db2b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:detect_Redline_Stealer
Create hunting rule
Author:Varp0s
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Stealc

Executable exe 07cc22c1db2b39a7fc3058b02ec15225b2945e4866a9a0e84b8f73672ae9bcd7

(this sample)

  
Dropped by
Gcleaner
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/71923/

Comments