MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f244a694cb0f831e3fd68edf484444700378106be5fe03cc5b3dfd6125331871. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Stealc


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f244a694cb0f831e3fd68edf484444700378106be5fe03cc5b3dfd6125331871
SHA3-384 hash: 73eca2c556fd26850a2fa6b5d32034a10c375f9902a2ad60ba8c6d98b3d097042e1bac85d27a92149b0c5492c2accb64
SHA1 hash: c877c3195df1bfd019d87c87058f891f418969cb
MD5 hash: b24197c779708a1437fc10372e925eae
humanhash: texas-magnesium-steak-maryland
File name:List of allergens for Patteh Shahrzad.pdf.exe
Download: download sample
Signature Stealc
Create hunting rule
File size:1'791'488 bytes
First seen:2023-07-08 19:05:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 66577bc3497ef68ae9b2fa2ab5b37e85 (1 x Stealc)
ssdeep 24576:nQRCi7YZncYn0C8j9AGVhm/zfkaO8EAcZFTscDfDb:Q37YRm98kaO/ZdRD7b
Threatray 223 similar samples on MalwareBazaar
TLSH T14785C68AF9D2DCA0CBE841367784C929D914BE301E06E85DB6DBF35B25760C9D10EB27
TrID 43.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
22.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon c69a38364242c2c4 (1 x Stealc)
Reporter SquiblydooBlog
Tags:exe Stealc

Intelligence

File Origin
# of uploads :
1
# of downloads :
356
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
List of allergens for Patteh Shahrzad.pdf.exe
Verdict:
Malicious activity
Analysis date:
2023-07-08 19:06:26 UTC
Tags:
stealc trojan stealer loader
Link:
https://app.any.run/tasks/5d48478b-7921-4d0c-9cf2-d03e409d5db6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/412185/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP GET request
Sending a custom TCP request
Running batch commands
Creating a process with a hidden window
Launching a process
Searching for the window
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/96622/overview
Behaviour
MalwareBazaar
CPUID_Instruction
CheckCmdLine
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
anti-debug explorer lolbin masquerade
Link:
https://www.filescan.io/uploads/64a9b39bd0e54b152c5a822c/reports/602b20bb-c760-4119-a5d9-742f1439eee9/overview
Verdict:
Malicious
Labled as:
GenKryptik.GLPY trojan
Link:
https://www.hybrid-analysis.com/sample/f244a694cb0f831e3fd68edf484444700378106be5fe03cc5b3dfd6125331871
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/067153c5-53c2-4e7e-896a-8675ca3a138a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f244a694cb0f831e3fd68edf484444700378106be5fe03cc5b3dfd6125331871/
Threat name:
Win32.Spyware.Stealc
Create hunting rule
Status:
Malicious
First seen:
2023-07-08 19:06:06 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
11 of 23 (47.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6jcknfglb6br4p6wr3puqrceoabxqedl4x7ahtc3hx6wcjjtdbyq._file
Verdict:
malicious
Similar samples:
19427b9f9fffb7a1518d34f453ea37aefc298b157c8f15a4f1ddd8ca0df00eda
Stealc
1cc4fab54263dfa842c80a72b78a9c223894264b9b4f25263d8fdc2f69def8a1
Stealc
2ac28f2913c6e2d231d0b67b49a3491f4046221a42ca349f586e0532ac257575
Stealc
3bfaaf7436f93dff822a8c0f81f2e805f1c6855da29e1ee3ddd6d18c04744ae8
Stealc
4053220e58d30e514ab543a64e3854e7c411bfa084c000172cdfe6d3e8f65875
Stealc
5069d4603ed9201d98988deb46e1e5627d622f47a498b3decb96ae1b02da3496
Stealc
5edb99afba36f3aa19c0b065b263b65e27d37d588c5441d5f9518e8423480344
Stealc
7c397e8792e6dbc64b6d5fd80a2ed4d82e76c1e0e9d7a262f089e1c1e8c438df
Stealc
99cd4e51fb0f2d9ba76ee4d12afd5c3cd096f0c390ecf657ea3a3d78158451ef
Stealc
c1e64e86dd89a5820bbb518ead2176741f91d3bf5c579e154533d44e816c1f76
Stealc
+ 213 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/230708-xr23ysad7y/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Unpacked files
SH256 hash:
03833086b4705d343f299c1639db1a242cd508d4f118d55ca427cb1c5517b589
MD5 hash:
84cd8d399b4f8d0f4272186849b2b1ec
SHA1 hash:
05d9c4d14494501f6a738e9dee3460e29f7f77b0
Link:
https://www.unpac.me/results/9ec92fc8-8792-4a0b-9289-d96599c38eab/
SH256 hash:
f244a694cb0f831e3fd68edf484444700378106be5fe03cc5b3dfd6125331871
MD5 hash:
b24197c779708a1437fc10372e925eae
SHA1 hash:
c877c3195df1bfd019d87c87058f891f418969cb
Link:
https://www.unpac.me/results/9ec92fc8-8792-4a0b-9289-d96599c38eab/
Malware family:
Stealc
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f244a694cb0f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f244a694cb0f831e3fd68edf484444700378106be5fe03cc5b3dfd6125331871

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/412185/

Comments