MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1a47aa6139e363e0c8aaf7e5fe00ba1f5df02b660fd158deec23c3f4c910cfa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Stealc


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a1a47aa6139e363e0c8aaf7e5fe00ba1f5df02b660fd158deec23c3f4c910cfa
SHA3-384 hash: bb5542dbecaf633f31096e56496bff56a05a203de70b38dfed63aae3087cceb1cb4c9256d4306dd3b061437cff34a8a0
SHA1 hash: 9b7476b5268411a0016fe8bb6a352802f399d09a
MD5 hash: fe57bb710f270e6bd31e60d5e7170503
humanhash: helium-fanta-nine-alpha
File name:fe57bb710f270e6bd31e60d5e7170503.exe
Download: download sample
Signature Stealc
Create hunting rule
File size:238'592 bytes
First seen:2023-07-08 11:20:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5c86c39b994542f94a06941bbfbc0dcb (1 x Stealc, 1 x Smoke Loader)
ssdeep 3072:nS2iKwqQItyTtnttq7xanmcvfgwYF85bKrb7+YxURMjlm/D:DjYItyXWSm2glW5ob7hiRM
Threatray 5 similar samples on MalwareBazaar
TLSH T16D348E1272D07CA5E7665F318D2EC1E4371EF95D8F2467BB63186A3F19702E182B2326
TrID 37.3% (.EXE) Win64 Executable (generic) (10523/12/4)
17.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
16.0% (.EXE) Win32 Executable (generic) (4505/5/1)
7.3% (.ICL) Windows Icons Library (generic) (2059/9)
7.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 001030c2c4604444 (1 x Stealc)
Reporter abuse_ch
Tags:exe Stealc


Avatar
abuse_ch
Stealc C2:
http://5.78.104.95/7322cd0544d1389a.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
318
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fe57bb710f270e6bd31e60d5e7170503.exe
Verdict:
Malicious activity
Analysis date:
2023-07-08 11:23:49 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2319e8ee-e8cf-443e-a356-2fbd3cf81d35

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/412062/
Detection(s):
SecuriteInfo.com.Win32.TrojanX-gen.2359.7933.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP GET request
Running batch commands
Creating a process with a hidden window
Launching a process
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/96566/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/64a9469f879586917b239acd/reports/91dc4f4f-7e03-46b6-bd85-01d555f90b14/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/a1a47aa6139e363e0c8aaf7e5fe00ba1f5df02b660fd158deec23c3f4c910cfa
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Oski Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b090341c-a07e-4426-b14d-08ac5cb7d949
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a1a47aa6139e363e0c8aaf7e5fe00ba1f5df02b660fd158deec23c3f4c910cfa/
Threat name:
Win32.Trojan.Lockbit
Create hunting rule
Status:
Malicious
First seen:
2023-07-08 11:21:05 UTC
File Type:
PE (Exe)
Extracted files:
26
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ugshvjqtty3d4dekv57f7yaluh256avwmd6rldpoyi6d6terbt5a._file
Verdict:
malicious
Similar samples:
8933096a3a5c51c79403a2dd9bb1db722ec059cb135b203ec1393c0ea3bd15de
Stealc
c4b6bb4bd33e3ef107781a21eb0dedb82dbe90c4e9d6f0b19620c8940e18fa6b
Stealc
d87502f99648aac5100598129fd31648afb3dce99bfaf4274dce3997c1bfa6d7
Stealc
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230708-nfzn1sfe5z/
Unpacked files
SH256 hash:
88b40d383476cd2ead5f3e57218284c8946fa35e067d0cd9f3ebc4eb633411e5
MD5 hash:
6470af3ba8d9ceebedfd5042549eb50c
SHA1 hash:
ddf5f95c7a500f665a3f199364b1e9c5cfb59422
Link:
https://www.unpac.me/results/40f8c1c2-53ad-4ce6-9911-b35a88e1c0f5/
SH256 hash:
a1a47aa6139e363e0c8aaf7e5fe00ba1f5df02b660fd158deec23c3f4c910cfa
MD5 hash:
fe57bb710f270e6bd31e60d5e7170503
SHA1 hash:
9b7476b5268411a0016fe8bb6a352802f399d09a
Link:
https://www.unpac.me/results/40f8c1c2-53ad-4ce6-9911-b35a88e1c0f5/
Malware family:
Stealc
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/a1a47aa6139e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a1a47aa6139e363e0c8aaf7e5fe00ba1f5df02b660fd158deec23c3f4c910cfa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/412062/

Comments