MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb9a55a6931365518be4719a2a118d5de678fc9a33f35e39d764d7f66ea1423b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Stealc
Vendor detections: 6



SHA256 hash: bb9a55a6931365518be4719a2a118d5de678fc9a33f35e39d764d7f66ea1423b
SHA3-384 hash: db15aa920560318c9e3aac32bf2e17fa6d09d188e1e675e6cd8c4c6a76b1ce2fc5d8da45cbd33f9ec30fb3bce26239cc
SHA1 hash: 953ee890d9b6040bae8bdd347241e1b1ff3c0a15
MD5 hash: 3a1f9204a1f08953bacef8cb1bdeefc0
humanhash: iowa-kansas-hotel-ceiling
File name:archive.zip
Download: download sample
Signature Stealc
File size:19'521'436 bytes
First seen:2024-07-26 15:37:53 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 393216:/3fBluSgM2pEGMVXwMRRSaiM83kWXSziT1olamYUDA7FjFq9+6fSCg7Rfh:/f6Sxw6gPF5CU2Oh
TLSH T1D217336749764FD2DCAD05BC90D71F16374DEA884092CB9B0328E26BFEB7374D62A901
Reporter aachum
Tags:file-pumped PrivateLoader zip


iamaachum
https://ptv352.com/FL_Studio_21_Full_%282024%29_Versi%C3%B3n_21.2.3_Espa%C3%B1ol_%5BMEGA%5D.zip?c=AJ--o2bGSwUAdHoCAEVTFwASAAAAAADQ => https://spamedicowellness.com/download/privateArchive_02.7z

PrivateLoader C2: http://109.120.176.203/api/crazyfish.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: ES
File Archive Information

This file archive contains 38 file(s), sorted by their relevance:

File name:Aspnet_perf.dll
File size:43'800 bytes
SHA256 hash: 62e9c0825100ff5ebd93137d3be2466100d73ab3a1cc9622adfe54ec143c0c75
MD5 hash: f22ad2623cad6567abc6c8e865898733
MIME type:application/x-dosexec
Signature Stealc
File name:WsmSvc.dll
File size:2'337'792 bytes
SHA256 hash: 4ef2431d42d2bc0fb1b1991ebbe7193f081b37502acba6e980b53db85b931b71
MD5 hash: 20fa73336f39e968ac6d0367d681a97a
MIME type:application/x-dosexec
Signature Stealc
File name:unins000.exe
File size:1'537'231 bytes
SHA256 hash: 4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
MD5 hash: 3ab31d714c50ae078f9eaba7b2497191
MIME type:application/x-dosexec
Signature Stealc
File name:System.Speech.dll
File size:692'224 bytes
SHA256 hash: 000028670db2a67449efeaa1a6e96afe1124094bb6123144780c9eca19767b61
MD5 hash: d04c846a1d4bb16e5e5e9a0fb10baf47
MIME type:application/x-dosexec
Signature Stealc
File name:CbsCore.dll
File size:2'198'856 bytes
SHA256 hash: 079d43ecd7d3be041436f2d3f032aa0ed8603f6682465d6139fe3745a2625e11
MD5 hash: 4cfec4ad388bb464700229c41bbd0f9d
MIME type:application/x-dosexec
Signature Stealc
File name:clr.dll
File size:8'086'456 bytes
SHA256 hash: 570e97dfc58309972f06954944e161066b4da31c3ee7588792e6aa0d209b8c33
MD5 hash: 3acabd94d146e379089e9a8c2acb1f97
MIME type:application/x-dosexec
Signature Stealc
File name:mispace.dll
File size:2'490'752 bytes
SHA256 hash: 6186cb8332ff3046efa396f73145dd9ecbf14b12690ce4d5bf1f71ee551a11de
MD5 hash: b5818f7b165ac87f7ad67e906a47240b
MIME type:application/x-dosexec
Signature Stealc
File name:System.Transactions.dll
File size:261'632 bytes
SHA256 hash: 99bf72b38e4d76005468eba64016049127d835b89b3ed7523d923a917b444679
MD5 hash: 6432dbab3ce97c10bb97ed564c3c55b7
MIME type:application/x-dosexec
Signature Stealc
File name:GdiPlus.dll
File size:1'455'104 bytes
SHA256 hash: 4e34b9d7be69b59dfe5dab6045e0eace6692417842478fdc173a122263a9c3c8
MD5 hash: f1a37bcff33ef15e303e714725e1e00d
MIME type:application/x-dosexec
Signature Stealc
File name:System.AddIn.dll
File size:163'840 bytes
SHA256 hash: b04b43743a8d56ce4f04b265ae0ece7185ca5cc2508feed6e7da071f97732076
MD5 hash: 99ab52bffee95e75ab15e81e4e68db8b
MIME type:application/x-dosexec
Signature Stealc
File name:WindowsBase.resources.dll
File size:110'592 bytes
SHA256 hash: f6503416ba5abdbe6b2e292ed9819f61d431c3964b1c09f07c9c9334eccc2c07
MD5 hash: 7e135fbe7467cd5d5a6f07d499dbf3db
MIME type:application/x-dosexec
Signature Stealc
File name:PrimitiveTransformers.dll
File size:63'856 bytes
SHA256 hash: b7fa74f9a083426bb33fba0e2294fe016e47cddec2eddcde4e34e8e620e54ce0
MD5 hash: 3c7c0f531b18bfce88ba3e7d7462602e
MIME type:application/x-dosexec
Signature Stealc
File name:db-journal
File size:0 bytes
SHA256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
MIME type:inode/x-empty
Signature Stealc
File name:Microsoft.Uev.AppAgent.dll
File size:1'646'560 bytes
SHA256 hash: 614cfeada30de1be92e377e74e54a8ad7ba829a7bf3137f4c70e0e05f0aa206f
MD5 hash: 69cce5450675ea07e32f555f13a33971
MIME type:application/x-dosexec
Signature Stealc
File name:data_3
File size:4'202'496 bytes
SHA256 hash: 6f933af3d9949acd910cbfe3b795257ee8986025336c6d2583246283049230f9
MD5 hash: 0a9e5a508cf91678fc48274d047636c4
MIME type:application/x-dbt
Signature Stealc
File name:certmgr.dll
File size:1'957'888 bytes
SHA256 hash: 859519d057e0720ec3b9a743f8869c6354d3d67a2154bba6d6db2b4b9fd5aa18
MD5 hash: c57abbb736050e8efc24f9a4829cecdf
MIME type:application/x-dosexec
Signature Stealc
File name:wpfgfx_v0400.dll
File size:1'626'392 bytes
SHA256 hash: ebe27d071bb94a963ce0c0cb6d99f0dbe1612dabd00274bf7c2ae1caa698d9cc
MD5 hash: 07e9e8f44b54913678e4b8481fd5317b
MIME type:application/x-dosexec
Signature Stealc
File name:sppinst.dll
File size:45'400 bytes
SHA256 hash: ec3b5c20764648a5c15227289a7389aaa6d3f5252dd8e1758e9a0b305d28589b
MD5 hash: 42b3a03dbaf9f8f04ef2470f990bfd0c
MIME type:application/x-dosexec
Signature Stealc
File name:SettingsHandlers_OneDriveBackup.dll
File size:103'424 bytes
SHA256 hash: 0dfb42a0710a2ea77c98e23151de8eea771d919b34e043215e3824aa11015d9c
MD5 hash: 4b87a8c6dcd541351dd8bba87ddde5b3
MIME type:application/x-dosexec
Signature Stealc
File name:msxml6.dll
File size:1'952'560 bytes
SHA256 hash: 4f7dc7db3f6f6081b8299f83bf2fc3ffed4a942453be53ab06f937bcd66c17ce
MD5 hash: a6327d0531499902d75035699f45b5e0
MIME type:application/x-dosexec
Signature Stealc
File name:setup.exe
Pumped file: this file is pumped (inflated with filler bytes so that it exceeds the size limits of many scanners); MalwareBazaar has de-pumped it.
File size:755'017'520 bytes
SHA256 hash: 2be5b04cec2a6ae259f8f08ac627a6a5c1f998e40edf58e06e1fa9b6c3f42018
MD5 hash: 91697a3aa85be2c072dc7387c31a82b5
De-pumped file size:49'664 bytes (Vs. original size of 755'017'520 bytes)
De-pumped SHA256 hash: f8c383448354557bc673460556e200505c788be7514a30cf511d8c5b87004902
De-pumped MD5 hash: 88ce61d6a7d30f7d14e5f7a71b6eaddd
MIME type:application/x-dosexec
Signature Stealc
File name:wsp_health.dll
File size:1'346'032 bytes
SHA256 hash: de025fef126ef13399acdb6bf3a4eb28fba270a37efc96fc64b373d541c61106
MD5 hash: 19af6f02fa3a38b8a8cd7a8e4266b98e
MIME type:application/x-dosexec
Signature Stealc
File name:webengine.dll
File size:27'112 bytes
SHA256 hash: 571af250f5d68df99747e8baa93fd2c74c96e9ddecf5b0f1d292c1543ffcbf41
MD5 hash: 3ce750808974016ea54407b7043838aa
MIME type:application/x-dosexec
Signature Stealc
File name:InstallUtilLib.dll
File size:117'224 bytes
SHA256 hash: 4f10c0bd8d22e8215b02f092279abf7bb148cb1497207ec2ebab32662009b2ac
MD5 hash: fe01d395c4b85df8c426fc9620120ba8
MIME type:application/x-dosexec
Signature Stealc
File name:msvcr90.dll
File size:655'872 bytes
SHA256 hash: cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb
MD5 hash: 4d03ca609e68f4c90cf66515218017f8
MIME type:application/x-dosexec
Signature Stealc
File name:PresentationNative_v0400.dll
File size:930'792 bytes
SHA256 hash: 295d61d24fd1ce5a24eaf6b84e7895fe919439a14b26f04f863f8f0880e91de1
MD5 hash: 8eb5131e94f21644d5b10dce26057bf6
MIME type:application/x-dosexec
Signature Stealc
File name:mscordbi.dll
File size:1'195'800 bytes
SHA256 hash: 5cab66e78e34b39dd8115564cd1155e30ff2dc8f1d9769af47d14ea060f06d36
MD5 hash: b3e040e8f9ce22080a129b863009a82c
MIME type:application/x-dosexec
Signature Stealc
File name:ServiceModelPerformanceCounters.dll
File size:91'112 bytes
SHA256 hash: 7be6193201bd73b63104a8700be69b82cbcd8ce42f63d3324ae818ad16bd131b
MD5 hash: 5f8650c4e6f1edcc2f9c65897e1d0527
MIME type:application/x-dosexec
Signature Stealc
File name:app_type.xml
File size:159 bytes
SHA256 hash: 00e68d05801e95c3207dbea1e8b448ac8960be835634df108f7286e56d0706f7
MD5 hash: c6e524037a2152d1963a2c29dbfa2966
MIME type:text/xml
Signature Stealc
File name:readme.txt
File size:53 bytes
SHA256 hash: 83ab826c036bb841639276fa0e2b2d7dd07165cd2f17a039d0b3d0118d5c3f19
MD5 hash: 1a4884dcdb1a8908bee1099dc846f896
MIME type:text/plain
Signature Stealc
File name:ILU.dll
File size:76'296 bytes
SHA256 hash: 1cf1841d43767fe2f28a4e2994fe77488d232ebec3fc4cde3dcef106a5274bc8
MD5 hash: aee74e686dcf044042c150a75709e367
MIME type:application/x-dosexec
Signature Stealc
File name:System.Web.DynamicData.Design.dll
File size:32'768 bytes
SHA256 hash: 6776fd7aa08170c1618acee4bb9af93e2b1169f253468b95c120ff5a5b70bb2c
MD5 hash: b58d5ad34f57262b1aa9056791762f18
MIME type:application/x-dosexec
Signature Stealc
File name:mfmp4srcsnk.dll
File size:1'888'832 bytes
SHA256 hash: 312efcaa24698f3da62e04966f0c509aa9a5f795b1570410beb4b9a76251bb52
MD5 hash: f834ce3103c8a181b8bbefef6d10e6e3
MIME type:application/x-dosexec
Signature Stealc
File name:rdpbase.dll
File size:1'298'416 bytes
SHA256 hash: a2fcf0354a97f2a1a76d6352e46ce47eaf3340feca67bde3d1cdd7e6ff47c4c4
MD5 hash: 536d282503814a1b0c791c6da5da729e
MIME type:application/x-dosexec
Signature Stealc
File name:AudioEng.dll
File size:1'884'888 bytes
SHA256 hash: e75a456c18d93a9bff731139e5dff0b7a92f2e1f5b7228274385c65a527a1f42
MD5 hash: 074adb230e03ccdd7592aa91fd6827e6
MIME type:application/x-dosexec
Signature Stealc
File name:WMINet_Utils.dll
File size:140'048 bytes
SHA256 hash: fc0f7db5efa34abc02b426f94b1d172cca3552e3c34ac0b9244d8388fc00f669
MD5 hash: 3f39fd88760ba315975f19e45a30c62d
MIME type:application/x-dosexec
Signature Stealc
File name:PenIMC_v0400.dll
File size:26'096 bytes
SHA256 hash: 6e1dc112a74c3149043136f847e21148c823d76fb3ed61b84d4a4e7e53bf527d
MD5 hash: be49782166585d455168eaff44274699
MIME type:application/x-dosexec
Signature Stealc
File name:Windows.Networking.Vpn.dll
File size:1'148'928 bytes
SHA256 hash: c2854f78b068d97375e3e56e14487935a057a37573c06919549b058f5f198b98
MD5 hash: b009e8f8394ea2bf22937a39c720db8f
MIME type:application/x-dosexec
Signature Stealc
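The setup.exe entry in the listing above was pumped to 755'017'520 bytes and de-pumps to 49'664 bytes. The page does not say how MalwareBazaar de-pumps, so the following Python script is an added example rather than MalwareBazaar's code: it reads NumberOfSections and SizeOfOptionalHeader to find the section table, computes where the last section's raw data ends, and then discards a trailing run of one repeated filler byte that lies beyond that point (the assumption being that the pump is uniform filler appended after the image; a non-uniform overlay such as an installer payload is kept). The minimal PE32 skeleton it builds to exercise itself is constructed for the example and is not a loadable binary.

```python
"""Strip trailing filler from a pumped PE file (added example, not MalwareBazaar's code)."""
import struct


def pe_sections_end(data: bytes) -> int:
    """Return the file offset just past the last section's raw data.

    Only the fields needed to reach the section table are parsed:
    e_lfanew, NumberOfSections and SizeOfOptionalHeader.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt
    end = table + num_sections * 40        # headers alone, if every section is empty
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))


def depump(data: bytes) -> bytes:
    """Drop a trailing run of one repeated byte that lies beyond the last section.

    Assumption: the pump is uniform filler appended after the image. Bytes inside
    the sections are never cut, and a non-uniform overlay is kept; only filler of
    the same value as the final byte is removed, so an overlay that itself ends
    in that byte value loses those bytes too.
    """
    sections_end = pe_sections_end(data)
    if sections_end >= len(data):
        return data                         # no overlay at all, nothing to strip
    filler = data[-1:]
    cut = max(sections_end, len(data.rstrip(filler)))
    return data[:cut]


def build_sample_pe(section: bytes, overlay: bytes) -> bytes:
    """Constructed sample, not a file from this page: a minimal PE32 skeleton with
    one .text section, followed by `overlay`, which stands in for the pump."""
    e_lfanew = 0x40
    size_opt = 0xE0                                        # PE32 optional header size
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_opt, 0x0102)
    opt = b"\x0B\x01" + b"\x00" * (size_opt - 2)           # magic 0x10B, rest zeroed
    raw_ptr = e_lfanew + 4 + 20 + size_opt + 40            # data follows the one section header
    hdr = b".text\x00\x00\x00" + struct.pack(
        "<IIIIIIHHI", len(section), 0x1000, len(section), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\x00\x00" + coff + opt + hdr + section + overlay


if __name__ == "__main__":
    pumped = build_sample_pe(b"\xCC" * 200, b"\x00" * (4 * 1024 * 1024))
    print(f"pumped: {len(pumped):,} bytes -> de-pumped: {len(depump(pumped)):,} bytes")
```

Hash the de-pumped output, not the pumped file, when pivoting on this kind of sample: the page lists both SHA256 values for setup.exe precisely because the pumped hash changes with every fresh padding.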
Vendor Threat Intelligence
Verdict: Malicious
Score: 90.9%
Tags: Encryption Generic Static

Verdict: Malicious
File Type: ZIP File - Malicious

Behaviour: SuspiciousEmbeddedObjects detected

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PK_PUMP_AND_DUMP
Author:Will Metcalf @node5
Description: Walks the ZIP central directory filename entries looking for an abused extension, then checks for a file that is at least 25M, and then checks how the uncompressed size compares with the compressed size.
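The rule description above is a compact statement of an algorithm. As an added example, not the PK_PUMP_AND_DUMP rule itself, the following Python script walks the central directory by hand, applies the 25M threshold and compares uncompressed with compressed size. The extension list, the 100:1 ratio threshold and the sample archive (a small text file plus a "setup.exe" made of an MZ stub and 30 MiB of null padding) are assumptions constructed for the example; the rule's own list and thresholds are not on the page.

```python
"""Walk a ZIP central directory and flag pumped entries (added example, not the YARA rule)."""
import io
import struct
import zipfile

# Assumption: a representative list of abused extensions, not the rule's own list.
ABUSED_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi")
MIN_PUMPED_SIZE = 25 * 1024 * 1024   # "at least 25M", as the rule description states
MIN_RATIO = 100                      # uncompressed:compressed ratio treated as pumped (assumption)

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CDFH_SIG = b"PK\x01\x02"   # central directory file header


def walk_central_directory(data: bytes):
    """Yield (name, method, compressed_size, uncompressed_size) per central directory entry.

    Sizes are taken from the central directory rather than the local headers, so a
    crafted local header cannot hide the real uncompressed size. ZIP64 entries
    (sizes of 0xFFFFFFFF) are not handled here.
    """
    # The EOCD record is 22 bytes plus a comment of at most 65535 bytes, so it
    # must begin within the last 22 + 65535 bytes of the file.
    eocd = data.rfind(EOCD_SIG, max(0, len(data) - 22 - 65535))
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    _disk, _cd_disk, _n_disk, n_total, _cd_size, cd_off, _comment_len = struct.unpack_from(
        "<HHHHIIH", data, eocd + 4)
    pos = cd_off
    for _ in range(n_total):
        if data[pos:pos + 4] != CDFH_SIG:
            raise ValueError(f"bad central directory header at offset {pos}")
        f = struct.unpack_from("<HHHHHHIIIHHHHHII", data, pos + 4)
        method, csize, usize = f[3], f[7], f[8]
        name_len, extra_len, comment_len = f[9], f[10], f[11]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        yield name, method, csize, usize
        pos += 46 + name_len + extra_len + comment_len


def find_pumped_entries(data: bytes, min_size: int = MIN_PUMPED_SIZE, min_ratio: float = MIN_RATIO):
    """Return [(name, compressed_size, uncompressed_size, ratio)] for entries with an
    abused extension that are at least min_size uncompressed and compress at least
    min_ratio:1 (uniform filler compresses almost to nothing)."""
    hits = []
    for name, _method, csize, usize in walk_central_directory(data):
        if not name.lower().endswith(ABUSED_EXTENSIONS):
            continue
        if usize < min_size:
            continue
        ratio = usize / max(csize, 1)
        if ratio >= min_ratio:
            hits.append((name, csize, usize, round(ratio, 1)))
    return hits


def build_sample_archive() -> bytes:
    """Constructed sample, not the archive on this page: a small text file and a
    'setup.exe' that is a 64-byte MZ stub followed by 30 MiB of null padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "constructed readme for the example\n")
        zf.writestr("setup.exe", b"MZ" + b"\x90" * 62 + b"\x00" * (30 * 1024 * 1024))
    return buf.getvalue()


if __name__ == "__main__":
    archive = build_sample_archive()
    for name, csize, usize, ratio in find_pumped_entries(archive):
        print(f"{name}: {usize:,} bytes uncompressed, {csize:,} compressed, ratio {ratio}:1")
```

The check is cheap because only the central directory is read; nothing is inflated. That is the point of the rule: a 755 MB pumped member can be flagged from a few dozen bytes of metadata before any extraction takes place.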

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Stealc
File type: zip
SHA256 hash: bb9a55a6931365518be4719a2a118d5de678fc9a33f35e39d764d7f66ea1423b (this sample)
