MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7dfa074e8bb6ccb7ddaf2c664ea7d4087dec52e4187247cd5dd8365c29c769c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Stealc


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7dfa074e8bb6ccb7ddaf2c664ea7d4087dec52e4187247cd5dd8365c29c769c8
SHA3-384 hash: 1ff21d6cd06336bf61263e394c66e2e32fa24a87e9713b458154c3d9137fe2c9ab05363cac4bcd3f1cf1f75f96752416
SHA1 hash: 18dd9f4ae4cb54b2678b035042e8fdf0167fe55b
MD5 hash: 5d752aff2f9a27a2bbde3414b0b0585c
humanhash: mexico-august-sink-nuts
File name:Launcher.zip
Download: download sample
Signature Stealc
Create hunting rule
File size:8'046'548 bytes
First seen:2025-12-11 11:22:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 196608:ZxPmjFoD6Can7uUHzM5uh9d8uGUQramSQbz/k4E5:HujKDHYuj5uhkuy3SQv/kN
TLSH T1E386335CF7BBA408EA1F933A308A005AF6A48F15E9E9673B039824591DBF0D71E53357
Magika zip
Reporter tcains1
Tags:SmartLoader Stealc zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
US US
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/78e406d9-7eda-43aa-b878-49b01bb58ae8/
Detection(s):
SecuriteInfo.com.VBS.Obfus-141.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68d9fbee73afd01b31e0eb65
Tags:
infosteal emotet
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/7dfa074e8bb6ccb7ddaf2c664ea7d4087dec52e4187247cd5dd8365c29c769c8
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/7dfa074e8bb6ccb7ddaf2c664ea7d4087dec52e4187247cd5dd8365c29c769c8
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
File Type:
zip
First seen:
2025-10-28T09:51:00Z UTC
Last seen:
2025-12-11T13:50:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/7dfa074e8bb6ccb7ddaf2c664ea7d4087dec52e4187247cd5dd8365c29c769c8/results?tab=lookup
Score:
65%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/7dfa074e8bb6ccb7ddaf2c664ea7d4087dec52e4187247cd5dd8365c29c769c8
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Zip Archive
Link:
https://app.malva.re/file/5d752aff2f9a27a2bbde3414b0b0585c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7dfa074e8bb6ccb7ddaf2c664ea7d4087dec52e4187247cd5dd8365c29c769c8/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-10-28 16:38:30 UTC
File Type:
Binary (Archive)
Extracted files:
527
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=px5aotulw3glpxnpfrte5j6ubb66yuxedbzeptk53a3fykohnhea._file
Result
Malware family:
stealc
Create hunting rule
Score:
  10/10
Tags:
family:stealc botnet:build4 discovery execution persistence spyware stealer upx
Link:
https://tria.ge/reports/251211-pvtlzsdj9s/
Behaviour
Checks processor information in registry
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
UPX packed file
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Executes dropped EXE
Reads user/profile data of web browsers
Stealc
Stealc family
Malware Config
C2 Extraction:
http://178.17.59.55
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/7dfa074e8bb6ccb7ddaf2c664ea7d4087dec52e4187247cd5dd8365c29c769c8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Stealc

zip 7dfa074e8bb6ccb7ddaf2c664ea7d4087dec52e4187247cd5dd8365c29c769c8

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3731204/
  
URLhaus
https://urlhaus.abuse.ch/url/3731629/

Comments