Summary | ZeroBOX

66bdc869b864d_stealc_cry.exe

Tags: Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), Antivirus, UPX, PE32, PE File
Category   FILE
Machine    s1_win7_x6401
Started    Aug. 21, 2024, 1:28 p.m.
Completed  Aug. 21, 2024, 1:48 p.m.
Size       187.5KB
Type       PE32 executable (GUI) Intel 80386, for MS Windows
MD5        175e665a8d0021510549eb8557b01bbf
SHA256     9b86d8c73fa219bef3689dd13e7ab7996cf4007a5c72ea988de8690fb7b9ea48
CRC32      D40EB3A7
ssdeep     3072:y1VO1NFj5qD6o8KaxfE54HnnGiayl+beX8ntto0Q+FrJKa:y1Q1jj5q62aOanGiqbI36FdKa
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name   Response   Post-Analysis Lookup
No hosts contacted.

IP Address       Status   Action
164.124.101.2    Active   Moloch
193.176.190.41   Active   Moloch

Suricata Alerts

Flow       TCP 192.168.56.101:49162 -> 193.176.190.41:80
SID        2044243
Signature  ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
Category   Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

GetComputerNameA
  computer_name: TEST22-PC
  status: 1   return: 1   repeated: 0

GetComputerNameA
  computer_name: TEST22-PC
  status: 1   return: 1   repeated: 0

GlobalMemoryStatusEx
  status: 1   return: 1   repeated: 0
HTTP requests

suspicious_request  GET   http://193.176.190.41/
  suspicious_features: GET method with no useragent header, Connection to IP address
suspicious_request  POST  http://193.176.190.41/2fa883eebd632382.php
  suspicious_features: POST method with no referer header, POST method with no useragent header, Connection to IP address
request             GET   http://193.176.190.41/
request             POST  http://193.176.190.41/2fa883eebd632382.php
request             POST  http://193.176.190.41/2fa883eebd632382.php
API calls (Time & API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory
  process_identifier: 2640
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00330000
  allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
  process_handle: 0xffffffff
  status: 1   return: 0   repeated: 0
host  193.176.190.41

Antivirus

Vendor             Detection
Bkav               W32.AIDetectMalware
Lionic             Trojan.Win32.Stealerc.tsCt
Elastic            Windows.Generic.Threat
Cynet              Malicious (score: 100)
CAT-QuickHeal      Trojanpws.Stealerc
Skyhigh            BehavesLike.Win32.Backdoor.ch
ALYac              Gen:Variant.Zusy.546982
Cylance            Unsafe
VIPRE              Gen:Variant.Zusy.546982
Sangfor            Infostealer.Win32.Stealerc.Vzlc
K7AntiVirus        Trojan ( 005afa591 )
BitDefender        Gen:Variant.Zusy.546982
K7GW               Trojan ( 005afa591 )
Cybereason         malicious.a8d002
Arcabit            Trojan.Zusy.D858A6
VirIT              Trojan.Win32.GenusT.DYTK
Symantec           ML.Attribute.HighConfidence
ESET-NOD32         a variant of Win32/Stealc.A
APEX               Malicious
McAfee             Artemis!175E665A8D00
Avast              Win32:PWSX-gen [Trj]
ClamAV             Win.Malware.Stealerc-10034234-0
Kaspersky          HEUR:Trojan-PSW.Win32.Stealerc.gen
Alibaba            TrojanPSW:Win32/Stealerc.0efa8205
NANO-Antivirus     Virus.Win32.Gen.ccmw
MicroWorld-eScan   Gen:Variant.Zusy.546982
Rising             Stealer.Agent!8.C2 (TFE:2:DQwxTsXk3kJ)
Emsisoft           Gen:Variant.Zusy.546982 (B)
F-Secure           Trojan.TR/AD.Stealc.apiml
DrWeb              Trojan.PWS.StealC.4
TrendMicro         Trojan.Win32.PRIVATELOADER.YXEHOZ
McAfeeD            Real Protect-LS!175E665A8D00
Trapmine           malicious.moderate.ml.score
FireEye            Generic.mg.175e665a8d002151
Sophos             Troj/Stealc-AAB
SentinelOne        Static AI - Malicious PE
Webroot            W32.Stealerc
Google             Detected
Avira              TR/AD.Stealc.apiml
MAX                malware (ai score=83)
Antiy-AVL          Trojan[PSW]/Win32.StealerC
Kingsoft           malware.kb.a.997
Gridinsoft         Trojan.Win32.Agent.sa
Microsoft          Trojan:Win32/Stealerc.GAB!MTB
ViRobot            Trojan.Win.Z.Stealerc.192000.G
ZoneAlarm          HEUR:Trojan-PSW.Win32.Stealerc.gen
GData              Gen:Variant.Zusy.546982
AhnLab-V3          Trojan/Win.Stealerc.R660025
BitDefenderTheta   AI:Packer.AB7DEE3D1E
TACHYON            Trojan/W32.Agent.192000.SH