MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45ec2531c9773be220be52556b2b4d57e355ff5b2162361cd7ddf75d69e076ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Stealc


Vendor detections: 6



SHA256 hash: 45ec2531c9773be220be52556b2b4d57e355ff5b2162361cd7ddf75d69e076ee
SHA3-384 hash: f74eac389c8a610cc07f3345eb51ca9fe34fe068950b8669d02f6fd7fd8fdb6e8546465e618fbb9015aea15d16e540c1
SHA1 hash: 3c43b966c4779fa20213f60e83451e1090fd3f73
MD5 hash: 670e6421401ca16b4d15251e303cf741
humanhash: ten-seventeen-lithium-pluto
File name: installer_stealc_v2.0.0.zip
Signature: Stealc
File size: 11'627'693 bytes
First seen: 2025-04-10 08:14:48 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:Zmr55JYp29Xh+suCdhYAlsimu79bv/K2diig0Y2KCKtlHd096PsG5HGBgyQSF3H:ZmNAaJuCnflEu7xv/K2Iig0Y1tlHd00y
TLSH: T1D2C633F5DB8134DBD19E72B6302F0963DEB942097878E1561449C2B43EC2EA13DFA66C
TrID: 66.6% (.XPI) Mozilla Firefox browser extension (8000/1/1)
      33.3% (.ZIP) ZIP compressed archive (4000/1)
Magika: zip
Reporter: Anonymous
Tags: Panel sst.my Stealc zip


Anonymous
Retrieved from https://sst.my/server/installer_stealc_v2.0.0.zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 117
Origin country: HU

File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name: how to install.txt
File size: 45 bytes
SHA256 hash: 6962e41532f6a28d474e761bb69076af60f643cba29421d78e5b403330febe68
MD5 hash: 5777bab474219ef5049eb7984604b181
MIME type: text/plain
Signature: Stealc

File name: www.zip
File size: 11'624'704 bytes
SHA256 hash: e52d8a1ce8ae03cf7322f9dbe54a3d3d2ce404a23ca97e6125d87f1cc5835233
MD5 hash: f79c0ce4de92139a442d81201c77cd00
MIME type: application/zip
Signature: Stealc

File name: install.sh
File size: 8'470 bytes
SHA256 hash: de32aa481cc50a3f36e648fa89423123cd96d9d379f3d7d3e1137653d4d16ccb
MD5 hash: 1a492f72ffed880dae91288a49871996
MIME type: text/x-shellscript
Signature: Stealc

Vendor Threat Intelligence
Threat name: Win32.Trojan.Suschil
Status: Malicious
First seen: 2025-04-10 06:21:39 UTC
File Type: Binary (Archive)
Extracted files: 627
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 4/10
Tags: discovery execution link linux qr

Behaviour
Reads runtime system information

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: RANSOMWARE
Author: ToroGuitar

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Stealc zip 45ec2531c9773be220be52556b2b4d57e355ff5b2162361cd7ddf75d69e076ee (this sample)

Delivery method: Distributed via web download
