MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Stealc


Vendor detections: 15


Intelligence 15 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c
SHA3-384 hash: 6b850298035f1fe226513fcf3429e9cfd2dcae03d47513f725e82e289a92243b5c722c114cef67a3b0e84741151f3bd8
SHA1 hash: 6bab4ac0152563f573c9316e7ae6d4d5ba2d1bb1
MD5 hash: c8082ca776eac4a21a3fa9986c4bed65
humanhash: bakerloo-tennessee-muppet-mexico
File name:c8082ca776eac4a21a3fa9986c4bed65.exe
Download: download sample
Signature Stealc
Create hunting rule
File size:272'896 bytes
First seen:2023-03-28 07:07:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2f460961725ca1bacd7af1f08dcd53a6 (6 x Smoke Loader, 6 x RedLineStealer, 2 x Stealc)
ssdeep 3072:c1s88rMXyw+KdkZLkPAy2uFo5SloJ6pL78cgjEqQFkvpslmOQPqqa712Pj5qlLWr:Uj8I+6kZLWA3uFo/6J8hTrqlm3471n
Threatray 73 similar samples on MalwareBazaar
TLSH T18644D0223291C473E95746B58925C7B5AEFBBC708B1986CB2B44027E1E307E1DF7934A
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 0020204c229a8684 (1 x Stealc)
Reporter abuse_ch
Tags:exe Stealc

Intelligence

File Origin
# of uploads :
1
# of downloads :
221
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
c8082ca776eac4a21a3fa9986c4bed65.exe
Verdict:
Malicious activity
Analysis date:
2023-03-28 07:11:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0669734b-5971-47d1-bf59-ec9bcafb0c4f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/378097/
Detection(s):
Win.Packer.pkr_ce1a-9980177-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Launching the default Windows debugger (dwwin.exe)
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/75360/overview
Behaviour
MalwareBazaar
SystemUptime
CPUID_Instruction
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
babar gandcrab greyware lockbit packed ursnif
Link:
https://www.filescan.io/uploads/642292531770808abe9b83f2/reports/c8e8b98d-587c-4e0c-88f3-5c914f0119b6/overview
Verdict:
Malicious
Labled as:
Ser.Babar.Generic
Link:
https://www.hybrid-analysis.com/sample/db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Stealc
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/42968dda-7f77-4a69-aa7a-adce34305851
Result
Threat name:
Stealc
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1203277
Signature
C2 URLs / IPs found in malware configuration
Country aware sample found (crashes after keyboard check)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found evasive API chain (may stop execution after checking locale)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Stealc
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c/
Threat name:
Win32.Spyware.Stealc
Create hunting rule
Status:
Malicious
First seen:
2023-03-27 16:46:06 UTC
File Type:
PE (Exe)
Extracted files:
19
AV detection:
24 of 24 (100.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3nrnfzcovc44ctz44sl4uc3fp7krcbgojcqw2h3k4oxxd5mg2b6a._file
Verdict:
malicious
Similar samples:
64b0d4ff01dc13572b748c0caa19d797aa6841994a90e5643d23dd5c692c0f17
Stealc
7142024b96ed0fd9f6445788ae1aad3e3e61dc0af44b7564c5e55591256d22aa
Stealc
87314838047125700260d065feaef4202abb6dd60dba26890ce8a759aef3079e
Stealc
9e1cc2a7e7a7cc723e5b5f7a8c168444dbe69250621ab831d255cef422a5b210
Stealc
d235538772b86e3ef1e4cd2f00d4b7931c8bc622d29aad39b7e3a6a465a1c669
Stealc
d25cffb62ca775b060887e2943ddfafe2b183f038e2e416b637fe51853185ddd
Stealc
eac0b62e9376be4193ebf3acb465bbc8e766429378e5514ba5d1c32f5ec4dcc1
Stealc
f9065a3e8905c4433fb9df4dbff6a8c6645cfb12291dcdc1a3e7148f46e2762e
Stealc
+ 63 additional samples on MalwareBazaar
Result
Malware family:
stealc
Create hunting rule
Score:
  10/10
Tags:
family:stealc discovery stealer
Link:
https://tria.ge/reports/230328-hx8elahe59/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Program crash
Checks installed software on the system
Detects Stealc stealer
Stealc
Malware Config
C2 Extraction:
http://joscramp.top/410b5129171f10ea.php
Unpacked files
SH256 hash:
a9200cfb3565dabeee166a35586b5edd13cc491ed670a71f9e8c1300b563c178
MD5 hash:
bb6d0cfa9f73349ee6fde707cbba6084
SHA1 hash:
f64d83af428552031462819894c7eca94c89dbda
Detections:
stealc
Create hunting rule
Link:
https://www.unpac.me/results/2fa9ef53-2ee8-43b1-83d9-046f0381264a/
Parent samples :
f639530345c52597fc8d4f6ccc98b71f03088a0c330a7df97cf4e3099da918b1
5dfb1e4c32c994d72e8a7553a3bde80ba2e35e5dc4c38553effa8331849297a9
d25cffb62ca775b060887e2943ddfafe2b183f038e2e416b637fe51853185ddd
87314838047125700260d065feaef4202abb6dd60dba26890ce8a759aef3079e
db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c
SH256 hash:
db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c
MD5 hash:
c8082ca776eac4a21a3fa9986c4bed65
SHA1 hash:
6bab4ac0152563f573c9316e7ae6d4d5ba2d1bb1
Link:
https://www.unpac.me/results/2fa9ef53-2ee8-43b1-83d9-046f0381264a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Stealc

Executable exe db62d2e44ea8b9c14f3ce497ca0b657fd51104ce48a16d1f6ae3af71f586d07c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2587179/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2587559/
  
URLhaus
https://urlhaus.abuse.ch/url/2587554/
Cape
Cape
https://www.capesandbox.com/analysis/378097/

Comments