MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8cb7d69cc70ddb8f1a0b685ca64fa5330d4d56bf5ee33f6924893ff70c7497f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Stealc

Vendor detections: 3

Intelligence 3 IOCs YARA 24 File information Comments

SHA256 hash:	c8cb7d69cc70ddb8f1a0b685ca64fa5330d4d56bf5ee33f6924893ff70c7497f
SHA3-384 hash:	ce234b0edf8950cccf61f3d41e2e4eea2576bf4981c3e8eb0d3d02ad6527a6f41b024a1ef89383b717f99917a9aa391a
SHA1 hash:	5623ec8c539f91f8430836f3cd14ec54f464b120
MD5 hash:	6203912ed3e8d0f9bdd06f11bb80afd4
humanhash:	solar-ink-mars-earth
File name:	Licеnce.Lоadеr(РA$$.- 2025).rar
Download:	download sample
Signature	Stealc Create hunting rule
File size:	79'778'430 bytes
First seen:	2026-01-29 19:44:46 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
Note:	This file is a password protected archive. The password is: 2025
ssdeep	1572864:dxTKPyvpEIHe58Kt8uXsJXdx3vIfCjk+9wsOrCUf1+dY5D+xX:dxW45Hiz8ysVdxfiCATzf8cD+1
TLSH	T10E0833DCEA0BB5926ECE5BADED5C56F818B6CBF2C752112150EE93B41C181F12678CC2
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	aachum
Tags:	158-94-211-84 Adware.Generic file-pumped pw-2025 rar Stealc

iamaachum

https://www.youtube.com/post/Ugkxo2geOa1z9aNiDiMpJE_e22s-NeZF6HUV => https://www.mediafire.com/folder/hhsq6r4zizudo/Fo

Stealc Build ID: NewNew29
Stealc C2: http://158.94.211.84/843cf72b27dd4a61.php

Intelligence

File Origin

# of uploads :

# of downloads :

587

Origin country :

File Archive Information

This file is a password protected archive. The password is: 2025

This file archive contains 20 file(s), sorted by their relevance:

File name:	install.key.fix.dll
File size:	79'888 bytes
SHA256 hash:	7d86f3ba0232c2ac4b4fce96e4cebb23700312a032d5d0db988ec6b358be1686
MD5 hash:	0d4fb4095ea49c1ec89b9e8db0b936a3
MIME type:	application/x-dosexec
Signature	Stealc

File name:	Key.dll
File size:	3'951'264 bytes
SHA256 hash:	8249bcff9a8d9aa7e580076e2c84147571270eb27c74a7dc8df52a447b123d86
MD5 hash:	9544b9113212187322433e63957facfb
MIME type:	application/x-dosexec
Signature	Stealc

File name:	deployvd.dll
File size:	462'496 bytes
SHA256 hash:	e43b1d34db83cec6fcee8b60d6a4f9cba76242d9905a76b7ff0948b449abc362
MD5 hash:	53c48fd17f3fee2c69d0cd6620d097a8
MIME type:	application/x-dosexec
Signature	Stealc

File name:	SqlUserInstance.rll.mui
File size:	16'256 bytes
SHA256 hash:	53628cdc01c218e796e700033944e3acd9c9e2e098509493e98aaeaadfccfb89
MD5 hash:	13142c39ab174fd96e34e90cb11faac5
MIME type:	application/x-dosexec
Signature	Stealc

File name:	xe.dll
File size:	631'680 bytes
SHA256 hash:	f724575de0ea9ec3cc15a1f10d6a936ef2ec6dd3790d0d1c39dfc1f9d31aece4
MD5 hash:	9abbdab424f66a7f4c395fd8759cef0e
MIME type:	application/x-dosexec
Signature	Stealc

File name:	License_SQLNCLI_ENU.txt
File size:	14'310 bytes
SHA256 hash:	9cfec87cb1fe913126aa50811a09d34f494d9917b2958ed2b9056744aed26a35
MD5 hash:	3666ab3b60d527211ba53203bef9f911
MIME type:	text/plain
Signature	Stealc

File name:	sharedmanagementobjects_keyfile.dll
File size:	23'640 bytes
SHA256 hash:	f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948
MD5 hash:	5e54cb9759d1a9416f51ac1e759bbccf
MIME type:	application/x-dosexec
Signature	Stealc

File name:	SqlUserInstance.dll
File size:	153'688 bytes
SHA256 hash:	b62fab3be134e7765720c0eb579be5a65ae719771b1e39c14ac39958d554b90e
MD5 hash:	423671a408eedd5e51f4d4f6a3de4589
MIME type:	application/x-dosexec
Signature	Stealc

File name:	Microsoft.Data.Tools.Schema.Sql.dll
File size:	7'321'984 bytes
SHA256 hash:	4766b371110ea2677d3338ce6d70a08857076419c8e28c660eb274e15c74baea
MD5 hash:	a63b6868f74d9d5217a6403ff6d431c2
MIME type:	application/x-dosexec
Signature	Stealc

File name:	sqlvdi.dll
File size:	205'696 bytes
SHA256 hash:	19e4a2a8676a9f4a488d67f1f7e44bf8a013f0ab5c51d7a0d4911e4b2300e2d6
MD5 hash:	5fca59a96ad276ee95bc6ab297c3b374
MIME type:	application/x-dosexec
Signature	Stealc

File name:	dsenginev2.dll
File size:	254'232 bytes
SHA256 hash:	4f037a4378c5c507e3330c6a18874e4600e5eaba8fd2887b61fbeeb6ca4b64c7
MD5 hash:	eb8f0ae9d91ba8f6cf4b7001b071727e
MIME type:	application/x-dosexec
Signature	Stealc

File name:	DevicesFlowUI.dll
File size:	1'795'072 bytes
SHA256 hash:	258c50b953e27b5d1016c0b2484c6e5c402ba89a63f06ecf7f72ae46efbeb0fe
MD5 hash:	ed8b2f5188bfa9fba8193e258e4ba6ab
MIME type:	application/x-dosexec
Signature	Stealc

File name:	vulkan-1.dll
File size:	913'768 bytes
SHA256 hash:	dc4bca39a9b2547d5f2ecbecf1dc0702183f294255843268865b2350e48d55ea
MD5 hash:	4aef94fa80ed413eb8943f1da6eca663
MIME type:	application/x-dosexec
Signature	Stealc

File name:	HelpPanel.dll
File size:	1'075'712 bytes
SHA256 hash:	3ec966736524695c7499b63d46a8482be8e127ce9e18c3d48d58bc1a70fc173a
MD5 hash:	57d8806c58d69b6a1b6a0298520e67c3
MIME type:	application/x-dosexec
Signature	Stealc

File name:	License_SysClrTypes.rtf
File size:	98'419 bytes
SHA256 hash:	8b22bf1ae6eff48a0db233b3ba578e33fdf5ffb0970fdd4fda5c34b18bd1da12
MD5 hash:	1457bc2916c92669ac1423a4f667bc5c
MIME type:	text/rtf
Signature	Stealc

File name:	update.dll
File size:	56'579'888 bytes
SHA256 hash:	575ad04aad19034af4862fcaa8991fdc3a87d07d2d136787e1c84c2f8bcb4532
MD5 hash:	b7d281ba860f7507be10288a54de8fe3
MIME type:	application/x-dosexec
Signature	Adware.Generic

File name:	msodbcsql.h
File size:	110'706 bytes
SHA256 hash:	3dfa4ac8ba992e3c2751688d192b382911702cc1565c27604b7548a97a5f0fc0
MD5 hash:	bb869705cc8069a5811eeac7457622f9
MIME type:	text/x-c
Signature	Stealc

File name:	msodbcsql17.lib
File size:	7'162 bytes
SHA256 hash:	0ca1e69a010f5c4a8cea193d5144f277c7370157d68fcf45f2e09d7a8c9871e3
MD5 hash:	992fd89649da9582d7f62ea0953943e8
MIME type:	application/x-archive
Signature	Stealc

File name:	SqlUserInstance.rll
File size:	21'376 bytes
SHA256 hash:	89521c05d50625512ef53b3c11cded25cdee1d7dc63ff539c2ba8a58a6361e13
MD5 hash:	34a0d74588db4242b3166bcfe1c2cdd6
MIME type:	application/x-dosexec
Signature	Stealc

File name:	Licence_Version_Loader.exe
Pumped file	This file is pumped. MalwareBazaar has de-pumped it.
File size:	750'851'768 bytes
SHA256 hash:	2bcb9e5128dc79b9d8a843b69593a70f1fc486327c1869cfeffc134571208f23
MD5 hash:	9e59a0b1d35478f2958935796119366f
De-pumped file size:	5'312'000 bytes (Vs. original size of 750'851'768 bytes)
De-pumped SHA256 hash:	303fc8b8cd7043f988d3c59d19168aa2969d09450f02323e8ce21dbe575e5ea1
De-pumped MD5 hash:	397cf264c4120a5d9cdf1dc4cc903eba
MIME type:	application/x-dosexec
Signature	Stealc

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/db499c42-41f6-418d-a701-dc91524cf5bd/

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=690f5b6330bacec888c9e478

Tags:

n/a

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/c8cb7d69cc70ddb8f1a0b685ca64fa5330d4d56bf5ee33f6924893ff70c7497f

Verdict:

Clean

File Type:

rar

Link:

https://opentip.kaspersky.com/c8cb7d69cc70ddb8f1a0b685ca64fa5330d4d56bf5ee33f6924893ff70c7497f/results?tab=lookup

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zdfx22omodo3r4naw2c4uzh2kmynjvll6xxdh5usjcj764ghjf7q._file

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Any_SU_Domain Create hunting rule
Author:	you
Description:	Detect any reference to .su domains or subdomains

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries

Rule name:	Detect_Golang_Binary Create hunting rule
Author:	Andrew Morrow
Description:	Detects binaries compiled with Go

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	Golangmalware Create hunting rule
Author:	Dhanunjaya
Description:	Malware in Golang

Rule name:	goLangMatch3 Create hunting rule

Rule name:	goLangMatch4 Create hunting rule

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	golang_duffcopy_amd64 Create hunting rule

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	HiveRansomware Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hive V4 Ransomware

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)