MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Stealc


Vendor detections: 18


Intelligence 18 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9
SHA3-384 hash: 397b50ccdb7063e861a2883ca899a74519dbde8ed00a2640730636d412a85ad64196799d67743331f830c39ba1e0d624
SHA1 hash: bd4eb9a7a8d47bab5b609408e2de4f9b71957c38
MD5 hash: 17e67cbf1038d088da3522ac42f41f52
humanhash: butter-maine-salami-ceiling
File name:file
Download: download sample
Signature Stealc
Create hunting rule
File size:7'350'152 bytes
First seen:2025-09-18 04:02:27 UTC
Last seen:2025-09-18 05:20:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash dc4152fd8ffd9d76d82af552da62e323 (8 x Stealc)
ssdeep 196608:X8fTRa9i/d1Rz2dBJG5KrEDXi3hzABkMrbdWYQV5fvyl3:XCo9qRzAJG51DXi3WBFx2byl3
Threatray 3 similar samples on MalwareBazaar
TLSH T1D276224FD88640E4C695263240521E9EAABE3DAF3D44C51C66CDBC63DB72EEB501E07E
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe Stealc


Avatar
Bitsight
url: http://178.16.54.200/files/5917492177/QTu8SCx.exe

Intelligence

File Origin
# of uploads :
5
# of downloads :
79
Origin country :
US US
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
random.exe.bin
Verdict:
Malicious activity
Analysis date:
2025-09-18 01:40:00 UTC
Tags:
auto redline stealer lumma amadey botnet unlocker-eject tool arch-exec loader themida gcleaner rdp
Link:
https://app.any.run/tasks/d96b3520-b05a-4523-b4d3-d0d233256b19

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28020/
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68cb846e88b9544392479359
Tags:
vmdetect packed crypt sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP POST request to an infection source
Sending a custom TCP request
Connection attempt to an infection source
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
fingerprint invalid-signature obfuscated packed packed packer_detected signed threat
Link:
https://www.filescan.io/uploads/68cb84a4dbc6f5a29c4b132f/reports/9a1ed21f-277b-4d1d-b2c4-ce62de10b68f/overview
Verdict:
Malicious
Labled as:
Midie.Generic
Link:
https://www.hybrid-analysis.com/sample/8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-17T14:16:00Z UTC
Last seen:
2025-09-17T14:16:00Z UTC
Hits:
~100
Detections:
Trojan-PSW.Win32.Lumma.wia Trojan-PSW.Lumma.HTTP.C&C
Link:
https://opentip.kaspersky.com/8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/0433ad8f-75fd-4541-9020-d4f51bcc100b
Score:
87%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/17e67cbf1038d088da3522ac42f41f52
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9/
Verdict:
Malicious
Threat:
Family.STEALC
Link:
https://tip.neiki.dev/file/8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9
Threat name:
Win32.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2025-09-17 17:54:55 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
21 of 24 (87.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qja2ndpkfp24djqemm6jpdt7di74sds3rt6a4yrf7zr3ewwrnteq._file
Verdict:
malicious
Label(s):
stealc
Create hunting rule
Similar samples:
3ba3ef4cc21a08817b7e7dae3a46f13bd596025ecd2d983a2203e4bd3eeb14c7
Stealc
56be345b2a3d73fb2d7090c24fdfc4c91a51a274b1479af67551c234ef621758
Stealc
707837ab12e3265c697210c168216999b7f82727119723d8d1006a4d46d3093a
Stealc
error
Stealc
Result
Malware family:
stealc
Create hunting rule
Score:
  10/10
Tags:
family:stealc botnet:tr1pernn defense_evasion discovery spyware stealer themida trojan
Link:
https://tria.ge/reports/250918-emsdvazzfx/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks whether UAC is enabled
Checks BIOS information in registry
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Themida packer
Downloads MZ/PE file
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Stealc
Stealc family
Malware Config
C2 Extraction:
http://178.16.54.175
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d0b0a474-df08-4e22-9a34-d0c0524909db
Unpacked files
SH256 hash:
8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9
MD5 hash:
17e67cbf1038d088da3522ac42f41f52
SHA1 hash:
bd4eb9a7a8d47bab5b609408e2de4f9b71957c38
Link:
https://www.unpac.me/results/41f8d562-d3b8-472f-9a86-8f05296b643f/
SH256 hash:
39b1675319d221c6fc77671dc78b74edc92f38de194003fdec21ca328472078d
MD5 hash:
c07aeaa4cf6cfe3131db11b72fcc3ac5
SHA1 hash:
04dd48e46297ce54e7d60375a36978c18edb93e5
Detections:
stealc
Create hunting rule
Link:
https://www.unpac.me/results/41f8d562-d3b8-472f-9a86-8f05296b643f/
Malware family:
Stealc.v2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/8241a68dea2b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Stealc

Executable exe 8241a68dea2bf5c1a604633c978e7f1a3fc90e5b8cfc0e6225fe63b25ad16cc9

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3625562/
Cape
Cape
https://www.capesandbox.com/analysis/28020/

Comments