MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Stealc

Vendor detections: 17

Intelligence 17 IOCs 1 YARA 15 File information Comments

SHA256 hash:	8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19
SHA3-384 hash:	656313e1953aeba06646672e6a509d5988a33ce6dde5f2df36eeee13d4934f9914c88b85e80840602e6b240e171d36ad
SHA1 hash:	d49ca4cb2b5eab8c518aef8a171331f9d299259f
MD5 hash:	700a76feefc2738aab348a823a949753
humanhash:	eight-kilo-india-robert
File name:	x8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227.exe
Download:	download sample
Signature	Stealc Create hunting rule
File size:	298'360 bytes
First seen:	2026-03-06 00:05:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bcad5afb62b59a3de8dc0f219fbb01fd (1 x Stealc)
ssdeep	6144:Qeh/H+Zhyu8Jfc080/OmUMo4gW2UhgSWtAg+:Vh/ahy80WmUMo4xlhgFtAg+
Threatray	96 similar samples on MalwareBazaar
TLSH	T133547D1212E468B5E12207365E3FC7F53E5AF9614D357E5D298BBE7F09380E2C129B22
Magika	pebin
Reporter	abuse_ch
Tags:	exe Stealc

abuse_ch

Stealc C2:
http://arthurmaes.top/410b5129171f10ea.php

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://arthurmaes.top/410b5129171f10ea.php	https://threatfox.abuse.ch/ioc/1172277/

Intelligence

File Origin

# of uploads :

# of downloads :

173

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

AceCryptor Stealc

Details

AceCryptor

an extracted shellcode loader component and the ms_c_rand-XOR seed

AceCryptor

an extracted payload

AceCryptor

an extracted shellcode loader component and a TEA decryption key

Stealc

decrypted strings, an RC4 key, c2 url, url paths, and possibly a missionid and a separate network RC4 key

Link:

https://research.acce.ciphertechsolutions.com/results/ec353506-b79d-422c-a72b-a4414fc679d0/

Malware family:

n/a

ID:

File name:

x8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19.exe

Verdict:

Malicious activity

Analysis date:

2026-03-05 23:35:24 UTC

Tags:

stealc stealer

Link:

https://app.any.run/tasks/c9de6b78-ee42-4466-864c-d72d3569f7b2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Stealc

Link:

https://www.capesandbox.com/analysis/55759/

Detection(s):

Sanesecurity.Malware.29207.BadIN.UNOFFICIAL

Sanesecurity.Malware.29208.BadIN.UNOFFICIAL

Sanesecurity.Malware.29209.BadIN.UNOFFICIAL

Win.Packed.Zenpak-9995055-0

Win.Dropper.Tofsee-9997698-0

PUA.Win.Packer.Embedpe-3

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69aa133b002d37d5c98440f0

Tags:

malware

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

adaptive-context anti-debug azorult crypt fingerprint glupteba keylogger microsoft_visual_cc packed unsafe

Link:

https://www.filescan.io/uploads/69aa1a4110e80629d4fe6f06/reports/8e203256-2e36-4946-9524-4faf089883e9/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19

Verdict:

Malicious

File Type:

exe x32

Detections:

Trojan.Win32.Chapak.sb Trojan-PSW.Win32.Stealerc.sb Trojan.Win32.Zenpak.sb Trojan.Win32.Yakes.sb Trojan.Win32.Strab.sb HEUR:Trojan-PSW.Win32.Stealerc.gen

Link:

https://opentip.kaspersky.com/8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19/results?tab=lookup

Malware family:

Stealc

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/18ce2ce1-9506-4d52-8326-63b8bc90ccd4

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1879320

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found evasive API chain (may stop execution after checking locale)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Unusual module load detection (module proxying)

Behaviour

Behavior Graph:

Download SVG

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19/

Verdict:

Malicious

Threat:

Family.STEALC

Link:

https://tip.neiki.dev/file/8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19

Threat name:

Win32.Trojan.AZORult

Status:

Malicious

First seen:

2026-03-05 18:50:02 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

29 of 38 (76.32%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ryi3m2bw7rfpuo7ryebpa4ufp75t5qx2uit6f6kmjc6o6hzazmmq._file

Result

Malware family:

stealc

Score:

10/10

Tags:

family:stealc botnet:default discovery stealer

Link:

https://tria.ge/reports/260306-adcjtadz5z/

Behaviour

Program crash

System Location Discovery: System Language Discovery

Stealc

Stealc family

Malware Config

C2 Extraction:

http://arthurmaes.top

Unpacked files

SH256 hash:

8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19

MD5 hash:

700a76feefc2738aab348a823a949753

SHA1 hash:

d49ca4cb2b5eab8c518aef8a171331f9d299259f

Link:

https://www.unpac.me/results/74806d0b-3d21-40d1-b7c2-88460e6abb04/

SH256 hash:

9de867a294deacb793afdf26c9b12a8eaa1276408212ae3cb7aec0b338fe119a

MD5 hash:

5258f253442a1816164d7f417558e39d

SHA1 hash:

f4b69f7411ad691a653d50fb5bea860ff01596b6

Detections:

win_stealc_a0

win_stealc_auto

Win32_Infostealer_StealC

Link:

https://www.unpac.me/results/74806d0b-3d21-40d1-b7c2-88460e6abb04/

Parent samples :

15abda25306ba3ceeb816e87783ce6ed7d46248d068d2f5ac1e348d47de91633
86d7dbb438477b8334304d10d719d750bf379a10e2fc02a5e29632e2ed3a101c
b03a49e4d7224804379ff6281c5edcc49f89e2cdcb6f74db2224c415e7dff2fa
1f27ad0379e176ab51f8adaf154e0172dcdd11c2d4f09dd84c89f036f7a55199
8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19

Malware family:

Stealc

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/8e11b66836fc/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/8e11b66836fc4afa3bf1c102f072857ffb3ec2faa227e2f94c48bcef1f20cb19

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	infostealer_win_stealc_standalone Create hunting rule
Description:	Find standalone Stealc sample based on decryption routine or characteristic strings
Reference:	https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/

Rule name:	malware_Stealc_str Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	Stealc infostealer

Rule name:	Stealc Create hunting rule
Author:	kevoreilly
Description:	Stealc Payload

Rule name:	Suspicious_Process Create hunting rule
Author:	Security Research Team
Description:	Suspicious process creation

Rule name:	TH_Generic_MassHunt_Win_Malware_2025_CYFARE Create hunting rule
Author:	CYFARE
Description:	Generic Windows malware mass-hunt rule - 2025
Reference:	https://cyfare.net/

Rule name:	Win32_Infostealer_StealC Create hunting rule
Author:	ReversingLabs
Description:	Yara rule that detects StealC infostealer.

Rule name:	Windows_Trojan_Generic_2993e5a5 Create hunting rule
Author:	Elastic Security

Rule name:	Windows_Trojan_Stealc_a2b71dc4 Create hunting rule
Author:	Elastic Security

Rule name:	Windows_Trojan_Vidar_c374cd85 Create hunting rule
Author:	Elastic Security

Rule name:	win_stealc_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	Detects win.stealc.

Rule name:	win_stealc_w0 Create hunting rule
Author:	crep1x
Description:	Find standalone Stealc sample based on decryption routine or characteristic strings
Reference:	https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/55759/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample