MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5067403a8eddbfb4396e7bce5dbb929b841ae0f00622acd7063cbf4a38b9d8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Stealc

Vendor detections: 12
SHA256 hash: c5067403a8eddbfb4396e7bce5dbb929b841ae0f00622acd7063cbf4a38b9d8d
SHA3-384 hash: f3c1cf90945d1fdb30743f0a5b1b1c0cb0ed6c1a47cbca794bfc5b5a8d016943f42d764efa8a0726dcfcc8422bd62d12
SHA1 hash: 795bbd8e63ede2c3e589d8c24f25147fd0c18126
MD5 hash: a690e057602d61188317fc887553870e
humanhash: speaker-cardinal-texas-berlin
File name: a690e057602d61188317fc887553870e.exe
Signature: Stealc
File size: 238'592 bytes
First seen: 2023-07-09 03:15:21 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ad776f537988b97c36b2101a62f689be (2 x RedLineStealer, 1 x Smoke Loader, 1 x GCleaner)
ssdeep: 3072:AT4If4ta31cxDHaOLOxycywWRfjccAx/4:lftEM6OLNcyRfjx
Threatray: 7 similar samples on MalwareBazaar
TLSH: T142349E1372927C72F7224F315D2AC6E43A1EF95D8F1867BB23182E2F19701E19672726
TrID: 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
      9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
      6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 000c14131a162200 (1 x Stealc)
Reporter: abuse_ch
Tags: exe Stealc


abuse_ch
Stealc C2:
http://5.78.104.95/7322cd0544d1389a.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 307
Origin country: NL

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: a690e057602d61188317fc887553870e.exe
Verdict: Malicious activity
Analysis date: 2023-07-09 03:15:58 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating synchronization primitives
Sending an HTTP GET request
Running batch commands
Creating a process with a hidden window
Launching a process
Launching the default Windows debugger (dwwin.exe)
Result
Malware family: n/a
Score: 8/10
Tags: n/a

Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
EvasionGetTickCount

Verdict: No Threat
Threat level: 10/10
Confidence: 100%
Tags: greyware packed

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Oski Stealer
Verdict: Malicious
Threat name: Win32.Spyware.Stealc
Status: Malicious
First seen: 2023-07-09 03:16:04 UTC
File Type: PE (Exe)
Extracted files: 26
AV detection: 17 of 24 (70.83%)
Threat level: 2/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Checks processor information in registry
Enumerates system info in registry
Uses Task Scheduler COM API
Program crash
Drops file in System32 directory
Unpacked files
SHA256 hash: 88b40d383476cd2ead5f3e57218284c8946fa35e067d0cd9f3ebc4eb633411e5
MD5 hash: 6470af3ba8d9ceebedfd5042549eb50c
SHA1 hash: ddf5f95c7a500f665a3f199364b1e9c5cfb59422

SHA256 hash: c5067403a8eddbfb4396e7bce5dbb929b841ae0f00622acd7063cbf4a38b9d8d
MD5 hash: a690e057602d61188317fc887553870e
SHA1 hash: 795bbd8e63ede2c3e589d8c24f25147fd0c18126
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments