MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51e1241c298e1af44d164318bc8e11df464523aa29c9a5477403b1646659e101. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Stealc

Vendor detections: 9



SHA256 hash: 51e1241c298e1af44d164318bc8e11df464523aa29c9a5477403b1646659e101
SHA3-384 hash: 8f0e6839cfbeb7b20b3c38350f827d85dc92f8c0633ba17d0f103dffefc2fa025d95f4e48782d84893ba4db6c305c8bf
SHA1 hash: ec6972ddc67db257c87428a83b704bf056ed81ff
MD5 hash: caa80b44c82963fb77920e24937891e6
humanhash: september-yankee-mexico-louisiana
File name: pnk333.zip
Signature: Stealc
File size: 11'968'905 bytes
First seen: 2024-09-25 14:13:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:WsumuYLk9ujJuioDm8wsCEfsYEklGYTebgZU9uYXHcjysP9yHfL0rOn/DYUoAS0m:duRYLk9ul0twsCinFkYTebsU9uYMx0rG
TLSH: T18EC62275EE13C4D6D4D42AB9CDE30E883373C8DE9351468282A9213CADD778A0E9E5D7
Magika: zip
Reporter: NDA0E
Tags: file-pumped LummaStealer Stealc zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 186
Origin country: NL
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: 3uTools.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 792'803'329 bytes
SHA256 hash: 878ba7636fc9be08358b342a29f0c7f04d5e3d8eac1f6d6fb1144e2e2ef190c9
MD5 hash: 321a9ce996c2bdd88620dc842a4dd344
De-pumped file size: 37'828'608 bytes (vs. original size of 792'803'329 bytes)
De-pumped SHA256 hash: 06b83c886bc9d923d0b2239887d4d9da0e3a4add52e4fae56907f2dc90c7b664
De-pumped MD5 hash: 5cd397dc74570cf64977a172245745a9
MIME type: application/x-dosexec
Signature: Stealc
Vendor Threat Intelligence
Result
Verdict: Malicious
File Type: ZIP File - Malicious
Behaviour: SuspiciousEmbeddedObjects detected

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug golang large-file overlay

Threat name: Binary.Trojan.Generic
Status: Suspicious
First seen: 2024-09-25 14:15:14 UTC
File Type: Binary (Archive)
Extracted files: 40
AV detection: 6 of 24 (25.00%)

Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:lumma family:stealc botnet:c1 discovery spyware stealer
Behaviour:
  Checks processor information in registry
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of SendNotifyMessage
  Suspicious use of WriteProcessMemory
  Browser Information Discovery
  Enumerates physical storage devices
  System Location Discovery: System Language Discovery
  Drops file in Windows directory
  Enumerates processes with tasklist
  Suspicious use of SetThreadContext
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Legitimate hosting services abused for malware hosting/C2
  Checks computer location settings
  Drops startup file
  Executes dropped EXE
  Downloads MZ/PE file
  Lumma Stealer, LummaC
  Stealc
  Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
  http://45.200.149.53
  https://racedsuitreow.shop/api

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | File type | SHA256 hash
Web download    | Stealc    | zip       | 51e1241c298e1af44d164318bc8e11df464523aa29c9a5477403b1646659e101 (this sample)

Delivery method: Distributed via web download
