Trojan:Win32/Stealc.RPX!MTB information

Trojan:Win32/Stealc.RPX!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Stealc.RPX!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Accessed credential storage registry keys
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Stealc.RPX!MTB?

File Info:

name: 341F5F90BE7B651929E9.mlw
path: /opt/CAPEv2/storage/binaries/840d68da71a1bd7b625beb8a5a255b62c9f8a26d7e2490784db3d7c736ec278f
crc32: D296AD3E
md5: 341f5f90be7b651929e91e35cea9ee3b
sha1: 258c63fbbf44dea8cbacb8fde2be3f51d91a0551
sha256: 840d68da71a1bd7b625beb8a5a255b62c9f8a26d7e2490784db3d7c736ec278f
sha512: b0907b80e70cfb87d0495098bb695ca5525a285d95dcadda908f474fffe73564de7f8735d9afc560def3634deb741c3de187948afdb1d85b8c9367fa19aef441
ssdeep: 98304:HYbDxOiAVQ+EhOHoqF/spsmvYZx9ZbehEcvA7TPWcBlDv:4XxOvVQwHlNm8x9ZBEsTPWI5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E01633643BE41470F9D442B79578DBD98F8671626077AA0E87D4322CEFF2AC187B0762
sha3_384: ac455dc3df54da9a73ef1df957a8108c1c1f661e27b7d5a84b9c6a97b657ec2c6803ec0c90ffd133411c7b4170e890cf
ep_bytes: e83a2b0000e989feffff8bff558bec81
timestamp: 2023-07-27 12:00:44

Version Info:

FileVersion: 10.3.3.59
ProductVersion: 27.86.10.51
InternalName: Slupido
CompanyName: Torchok
Translation: 0x149d 0x0235

Trojan:Win32/Stealc.RPX!MTB also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.538544
FireEye: Generic.mg.341f5f90be7b6519
Skyhigh: BehavesLike.Win32.Lockbit.rc
ALYac: Gen:Variant.Zusy.538544
Malwarebytes: Trojan.MalPack.GS
Sangfor: Trojan.Win32.Save.a
Alibaba: Trojan:Win32/Chapak.1c174728
Cybereason: malicious.bbf44d
BitDefenderTheta: Gen:NN.ZexaF.36744.@t1@aWEc06di
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: WinGo/RanumBot.AV
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Chapak.fhty
BitDefender: Gen:Variant.Zusy.538544
Avast: Win32:PWSX-gen [Trj]
Rising: Trojan.Generic@AI.92 (RDML:l43+LxyR0uB7jHMGlxEtvw)
Emsisoft: Gen:Variant.Zusy.538544 (B)
VIPRE: Gen:Variant.Zusy.538544
Trapmine: malicious.moderate.ml.score
Sophos: Troj/Krypt-ADH
Ikarus: Trojan.Win32.Glupteba
GData: Gen:Variant.Zusy.538544
Google: Detected
Avira: TR/RanumBot.yttss
Antiy-AVL: Trojan/Win32.RanumBot
Arcabit: Trojan.Zusy.D837B0
ZoneAlarm: Trojan.Win32.Chapak.fhty
Microsoft: Trojan:Win32/Stealc.RPX!MTB
Varist: W32/Kryptik.LPW.gen!Eldorado
AhnLab-V3: Trojan/Win.Generic.R579250
McAfee: Artemis!341F5F90BE7B
MAX: malware (ai score=86)
Cylance: unsafe
Tencent: Win32.Trojan.FalseSign.Iajl
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HJIS!tr
AVG: Win32:PWSX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Stealc.RPX!MTB?

Trojan:Win32/Stealc.RPX!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.