MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7b9be1211c6de76bab31dbcd3a1c99861cf18e3230ea9f634e07d22c179d1ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Stealc


Vendor detections: 6



SHA256 hash: a7b9be1211c6de76bab31dbcd3a1c99861cf18e3230ea9f634e07d22c179d1ca
SHA3-384 hash: 6af598d981fa2056b25285ee5f31470f7e3c138b7719b0c0fac0960fe290c36f6d4793b93d6ac19381fca3b812a021fb
SHA1 hash: 97f29066a109be6279c5d7a30e85ed7e7efcab2f
MD5 hash: c419365f30642744e616dc37b59dbedd
humanhash: sodium-minnesota-coffee-cola
File name: finalmesh.zip
Signature: Stealc
File size: 6'178'471 bytes
First seen: 2026-03-25 00:51:14 UTC
Last seen: Never
File type: zip
MIME type: application/x-rar
ssdeep 98304:0g1OUTAMosly4hYmV0vck9Dg2MUPGysOtblk4XE6d+nd/wwTbg13zSRbIvorAh8U:0gUUJYyUc++UJhtbqVFFwwHeza0IAh0w
TLSH T1A85633911DF97F636A0F2CF583F92AD162425EC8DB4A5C3CA7B53857B54E4E248BE002
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: Brad_malware
Tags: 89-46-38-100 Stealc zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 843
Origin country: US
File Archive Information

This file archive contains 27 file(s), sorted by their relevance:

Vendor Threat Intelligence
Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2026-03-25 00:51:40 UTC
File Type: Binary (Archive)
Extracted files: 146
AV detection: 6 of 23 (26.09%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:stealc botnet:m1 discovery spyware stealer
Malware Config
C2 Extraction: http://89.46.38.100
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
