MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Stealc

Vendor detections: 16

Intelligence 16 IOCs YARA 16 File information Comments

SHA256 hash:	4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe
SHA3-384 hash:	0ebc64d07b3b62bcad77f7b194623aa2c03781eee3d75d5eaf470a66f3724be9e22f0e94e15cc04ab740906bd0ae1a35
SHA1 hash:	64652d1f8cf9e6a93cf4502466073dbe4057141d
MD5 hash:	438d9171a6282478fcc2cd67daefbc34
humanhash:	princess-cat-stairway-grey
File name:	4828b8aae87a5f0c.exe
Download:	download sample
Signature	Stealc Create hunting rule
File size:	2'323'968 bytes
First seen:	2026-03-15 06:23:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	77bb604ddb8d2a9df61815c9b5a4d907 (3 x Stealc, 3 x Tofsee, 1 x TeamBot)
ssdeep	12288:0BRXpWPhK8WZVo84QTUIU9O5NZUkwz2dzdICFjV+68Jvso84QTUIU9O5NZUkwz2e:0Bb/rVlTUl9O5A7LXvslTUl9O5A7LXv
Threatray	2'782 similar samples on MalwareBazaar
TLSH	T122B5630ABBFAC965E4BF1B743DA9C38925F3FD668D01C76B7189034E0CB56004D61A7A
TrID	39.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 21.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 8.3% (.EXE) Win64 Executable (generic) (6522/11/2) 6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika	pebin
Reporter	Skynet11
Tags:	exe Stealc

Intelligence

File Origin

# of uploads :

# of downloads :

134

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

AceCryptor Stealc

Details

AceCryptor

an extracted shellcode loader component and a TEA decryption key

AceCryptor

an extracted payload

AceCryptor

an extracted shellcode loader component and the ms_c_rand-XOR seed

Stealc

decrypted strings, an RC4 key, c2 url, url paths, and possibly a missionid and a separate network RC4 key

Link:

https://research.acce.ciphertechsolutions.com/results/c4a9e0d2-222d-433a-be26-eb840e0f2bf8/

Malware family:

n/a

ID:

File name:

x4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe.exe

Verdict:

Malicious activity

Analysis date:

2026-03-15 05:14:53 UTC

Tags:

stealc stealer

Link:

https://app.any.run/tasks/63b7d0af-0a1e-49d8-8a03-faac5b5ecfe4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Stealc

Link:

https://www.capesandbox.com/analysis/57500/

Detection(s):

Win.Packed.Convagent-10012344-0

Win.Malware.Pwsx-10012345-0

Win.Dropper.Tofsee-10012354-0

Win.Malware.Tofsee-10012421-0

Win.Packed.Convagent-10012426-0

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b6404d88c80c01586a57d3

Tags:

injection obfusc

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

azorult fingerprint glupteba infostealer krypt microsoft_visual_cc overlay stealc tofsee unsafe

Link:

https://www.filescan.io/uploads/69b6504e493cb7d62dfdb96b/reports/ea1af80f-1913-4fab-b4f7-4d3066e4678f/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe

Result

Gathering data

Verdict:

Malicious

File Type:

exe x32

Detections:

HEUR:Trojan-PSW.Win32.Stealerc.gen HEUR:Trojan.Win32.Agent.gen

Link:

https://opentip.kaspersky.com/4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe/results?tab=lookup

Malware family:

Stealc

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/3018c968-169f-4f37-8e08-6c19b10e1121

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe/

Verdict:

Malicious

Threat:

Family.STEALC

Link:

https://tip.neiki.dev/file/4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe

Threat name:

Win32.Trojan.MarsStealer

Status:

Malicious

First seen:

2026-03-14 22:35:43 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 36 (69.44%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=jaulrkxipjpqzgklsiafbsxqbe62hyuwswpwgugmwpdb7orl327a._file

Verdict:

malicious

Label(s):

shellcode_loader_002

stealc

Stealc

7cce5c884df446388d64b75b5de17ca1b18034119f5c06f2d0be50cee66d104d

Stealc

7cdde4d499e3fb8560558be03daef16feb69be0ebfaf717750e91c5c2083e121

Stealc

82cd193864b6a6d757910c6f495e81b4e9c1d5aa47351a8966173977b7909539

Stealc

d7481847f525726ad977ea91fc9e458901a5f5e00d92b8f94bdd74d076e31521

Stealc

e001f23726cc6fcc38a9866482764774f7345c122c944db82eca7a7894c8fdba

Stealc

e37f694492ea3edeba2e7b6c7b51a451e802b29b11e70fe8509dfd8a3fc8bab9

Stealc

error

Stealc

+ 2'772 additional samples on MalwareBazaar

Result

Malware family:

stealc

Score:

10/10

Tags:

family:stealc botnet:default discovery stealer

Link:

https://tria.ge/reports/260315-g5h91ac16t/

Behaviour

Program crash

System Location Discovery: System Language Discovery

Stealc

Stealc family

Malware Config

C2 Extraction:

http://kevinrobinson.top

Unpacked files

SH256 hash:

4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe

MD5 hash:

438d9171a6282478fcc2cd67daefbc34

SHA1 hash:

64652d1f8cf9e6a93cf4502466073dbe4057141d

Link:

https://www.unpac.me/results/49f9dbf6-9207-4042-bc24-261eae9a3694/

SH256 hash:

0250eca00f2b3af694f4fbe2cce813cd21c80640dcc246d06d1a880c2575cdf7

MD5 hash:

96d414f1a261ed4fdbbe76b041999304

SHA1 hash:

6c65917f825b543f551a6128f256a6af8ed5b12c

Detections:

win_stealc_auto

win_stealc_a0

detect_Mars_Stealer

win_stealc_bytecodes_oct_2023

Link:

https://www.unpac.me/results/49f9dbf6-9207-4042-bc24-261eae9a3694/

Parent samples :

2fc2dbfc4d287d1cc2fd6021c2b8285f96b8ae83710a7f6cd301ff53418422f4
026852f32a62ad4182dd36c3b344ebb9eb76f9446cd280eabf342703379968a7
8f1b134304061a1b6837f7f9dec2c73a6af00b285d1e60bba2bd1aa89d79ea5b
105dd6588b4c238c1d53131dfb31bf6927839accea90d2d798765e0a96f4f0e5
2eabafa28a5f2a7257c47d8d4c9b5264234b259b8a38cc7a738ae017fb91151a
dbbb617b516f11ccea0a21eefd5c52d3033f30a8d1e6f878e1fccea46a1b31a5
38e9b06f272fef5acc47a12dd00b7044cdf6c14aa4ea4e871c2426a0eb5fb3ff
2ceff65463ef3156fafaae4c327ac9f81a3d7540f6f44d16be2546ddabdcb6ab
316d90bb02fe3411fbe36c0ed10b9f9d00d6a4bcb121f872a57b11180eace5e1
e001f23726cc6fcc38a9866482764774f7345c122c944db82eca7a7894c8fdba
82cd193864b6a6d757910c6f495e81b4e9c1d5aa47351a8966173977b7909539
dc77c54cbac01f61a5abc98d7b8ab3762e41fb05e9ffada26250ed2bd5211af3
4828b8aae87a5f0c994b920050caf0093da3e296959f6350ccb3c61fba2bdebe

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	detect_Mars_Stealer Create hunting rule
Author:	@malgamy12
Description:	detect_Mars_Stealer

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	infostealer_win_stealc_standalone Create hunting rule
Description:	Find standalone Stealc sample based on decryption routine or characteristic strings
Reference:	https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/

Rule name:	malware_Stealc_str Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	Stealc infostealer

Rule name:	Stealc Create hunting rule
Author:	kevoreilly
Description:	Stealc Payload

Rule name:	Suspicious_Process Create hunting rule
Author:	Security Research Team
Description:	Suspicious process creation

Rule name:	Windows_Trojan_Generic_2993e5a5 Create hunting rule
Author:	Elastic Security

Rule name:	Windows_Trojan_Stealc_5d3f297c Create hunting rule
Author:	Elastic Security

Rule name:	Windows_Trojan_Stealc_b8ab9ab5 Create hunting rule
Author:	Elastic Security

Rule name:	win_stealc_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.stealc.

Rule name:	win_stealc_bytecodes_oct_2023 Create hunting rule
Author:	Matthew @ Embee_Research
Description:	Bytecodes present in Stealc decoding routine

Rule name:	win_stealc_w0 Create hunting rule
Author:	crep1x
Description:	Find standalone Stealc sample based on decryption routine or characteristic strings
Reference:	https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/

Rule name:	yarahub_win_stealc_bytecodes_oct_2023 Create hunting rule
Author:	Matthew @ Embee_Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/57500/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample