MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92a8cc4e385f170db300de8d423686eeeec72a32475a9356d967bee9e3453138. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Stealc

Vendor detections: 12


SHA256 hash: 92a8cc4e385f170db300de8d423686eeeec72a32475a9356d967bee9e3453138
SHA3-384 hash: e728a7cf4a3e4e04e99fc438a8ebcd7aae41cba07f797c1a8b1ee29f47acab81940f89c987cb73f361740631cf0f8d1c
SHA1 hash: fe28d5756815fdac31a744a2f11c075f5b1892bc
MD5 hash: acfba6ff2e80e0ebc80df9e7d326337c
humanhash: sierra-yankee-utah-fish
File name: fix-error
Signature: Stealc
File size: 76'593 bytes
First seen: 2024-10-17 08:35:58 UTC
Last seen: Never
File type: Visual Basic Script (vbs)
MIME type: text/html
ssdeep: 768:BfaGWSO85ALmEcHUfkJ7Bate4LV1VZ6Y3PaNNHpXKMcpgUj:gGZALNcH77BajLbf61NR1pcbj
Threatray: 161 similar samples on MalwareBazaar
TLSH: T16F73DC871E28EDD0338F6979BEAC619012D0DB6F6FB391A1D04BC5B12F219A975047B3
Magika: vba
Reporter: crep1x
Tags: Stealc vbs

Intelligence


File Origin

# of uploads: 1
# of downloads: 101
Origin country: FR
Vendor Threat Intelligence

Verdict: Malicious
Score: 93.3%
Tags: Malware

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Result
Verdict: MALICIOUS

Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:

Threat name: Script-WScript.Trojan.Stealc
Status: Suspicious
First seen: 2024-09-25 17:43:56 UTC
File Type: Text (HTML)
Extracted files: 1
AV detection: 15 of 38 (39.47%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:hijackloader family:stealc botnet:sneprivate29 brand:google discovery dropper loader phishing stealer
Behaviour:
Checks processor information in registry
Delays execution with timeout.exe
Kills process with taskkill
Modifies Internet Explorer settings
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
Detected potential entity reuse from brand GOOGLE.
Suspicious use of SetThreadContext
Blocklisted process makes network request
Download via BitsAdmin
Downloads MZ/PE file
Detects HijackLoader (aka IDAT Loader)
HijackLoader
Stealc
Malware Config
C2 Extraction: http://95.182.97.58
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via drive-by