MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c702723a25c5278e37cde31bb4ed662eb81a249a1d8b79ade5ac94c955fa3db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MaskGramStealer


Vendor detections: 11


Intelligence 11 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c702723a25c5278e37cde31bb4ed662eb81a249a1d8b79ade5ac94c955fa3db
SHA3-384 hash: c41b95eeb00ec1e6198f44d63ac5e031d6dcc52e38a964a8363f1b29210adde3ced8dd598939fec582485b5fc7f78ddd
SHA1 hash: a99b293c18d3fc9551a11f7f5bd0a354207bb315
MD5 hash: 1ffe6e8bdc1983910d12ef9d97f65b55
humanhash: connecticut-delaware-stream-princess
File name:SecuriteInfo.com.Win64.SvitStealer-F.88895832
Download: download sample
Signature MaskGramStealer
Create hunting rule
File size:45'568 bytes
First seen:2026-02-04 08:19:49 UTC
Last seen:2026-02-04 09:29:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1512861382a06675835d7a1b5c8d98e7 (1 x MaskGramStealer)
ssdeep 768:jd/2s+WvVClkHywyied8E9QvMfzvXlhBgFZUSCRcQw8sCdfT:xb+yVgkSwyFd8E9QKXjWFZUw8s
TLSH T1B4230A2BA8E251FDC41AE5758DFB922E6877B8C0107D2A0E19F0DF0B2BB67B0531D251
TrID 44.4% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe MaskGramStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
101
Origin country :
FR FR
Vendor Threat Intelligence
Malware configuration found for:
Svit
Details
Svit
an xor decoded default c2 address and dead-drop resolver urls
Link:
https://research.acce.ciphertechsolutions.com/results/15824d11-ee21-4be2-8e82-c1ee29118eba/
Malware family:
n/a
ID:
1
File name:
_f7be8d2bed84b6477e37a0ba20546cd6e88f39b71ab47783e5237112891f5882.exe
Verdict:
Malicious activity
Analysis date:
2026-02-03 22:59:53 UTC
Tags:
telegram maskgram stealer auto-reg svitstealer loader
Link:
https://app.any.run/tasks/3cd7217b-9310-4057-9611-f7cffd1a3362

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/51622/
Detection(s):
SecuriteInfo.com.Win64.SvitStealer-F.88895832.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=698301516b1af47db72cab1c
Tags:
stealer virus remo
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
anti-debug fingerprint mingw packed
Link:
https://www.filescan.io/uploads/69830148c9bfb60ece1b4974/reports/60fe4628-9ab2-4de4-9399-b45214f7429d/overview
Verdict:
Malicious
Labled as:
Midie.Generic
Link:
https://www.hybrid-analysis.com/sample/8c702723a25c5278e37cde31bb4ed662eb81a249a1d8b79ade5ac94c955fa3db
Result
Gathering data
Verdict:
Malicious
File Type:
exe x64
Link:
https://opentip.kaspersky.com/8c702723a25c5278e37cde31bb4ed662eb81a249a1d8b79ade5ac94c955fa3db/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/873ed4e4-c496-4b85-8f03-721451b8dc70
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/8c702723a25c5278e37cde31bb4ed662eb81a249a1d8b79ade5ac94c955fa3db
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/1ffe6e8bdc1983910d12ef9d97f65b55
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c702723a25c5278e37cde31bb4ed662eb81a249a1d8b79ade5ac94c955fa3db/
Threat name:
Win64.Spyware.Maskgramstealer
Create hunting rule
Status:
Malicious
First seen:
2026-02-03 23:14:03 UTC
File Type:
PE+ (Exe)
AV detection:
20 of 36 (55.56%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rrycoi5clrjhry343yy3wtwwmlvydisjuhmlpgw6lleuzfk7upnq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery
Link:
https://tria.ge/reports/260204-j8mspsax6a/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Checks installed software on the system
Unpacked files
SH256 hash:
8c702723a25c5278e37cde31bb4ed662eb81a249a1d8b79ade5ac94c955fa3db
MD5 hash:
1ffe6e8bdc1983910d12ef9d97f65b55
SHA1 hash:
a99b293c18d3fc9551a11f7f5bd0a354207bb315
Link:
https://www.unpac.me/results/8cfb00be-090b-4f94-8d69-06a66472d460/
Malware family:
MaskGramStealer
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/8c702723a25c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8c702723a25c5278e37cde31bb4ed662eb81a249a1d8b79ade5ac94c955fa3db

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Check_Debugger
Create hunting rule
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__RemoteAPI
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MaskGramStealer

Executable exe 8c702723a25c5278e37cde31bb4ed662eb81a249a1d8b79ade5ac94c955fa3db

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/51622/
  
URLhaus
https://urlhaus.abuse.ch/url/3772010/
  
Delivery method
Distributed via web download

Comments