MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86b7a6e553539c5986f36989760d7a68474812054b738d722ef4533eba04c685. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ACRStealer

Vendor detections: 7

SHA256 hash: 86b7a6e553539c5986f36989760d7a68474812054b738d722ef4533eba04c685
SHA3-384 hash: 1e730075a904bd304659f2d9a178f7dd9ffed85717893db373f2849b096a6f6397cf53f56ac731e20e9d799e93af516c
SHA1 hash: 4c8b4b04c00b1e22b86afdf008be09d8dd161d29
MD5 hash: 7ce71b59146ed7e049023bcbfcda4bb1
humanhash: quiet-yankee-three-florida
File name: SETUP.zip
Signature: ACRStealer
File size: 23'109'318 bytes
First seen: 2025-11-23 15:54:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 393216:foLCZ19GAJidcz4eCBAyJ8IdYvZXqi/tD52472jjt41aWvt03AMxJUJYKRHCOHd:fYu1YMCsIdYvZXqeB5Bm54AWvt03AMxE
TLSH: T12537336ABA4C216EC4D331752BB50AFE4BF550C299706919209E27F2ACEBFEC050F754
Magika: zip
Reporter: aachum
Tags: 46-62-234-82 ACRStealer HIjackLoader IDATLoader zip


iamaachum
https://systemsecurenow.icu/ => https://mega.nz/file/fZVkxRyQ#XrmchKgFBZ_RvERWQ8SarY5zkzXO8m0OfmgbwsrJ-HA

ACRStealer C2: 46.62.234.82

Intelligence

File Origin
# of uploads: 1
# of downloads: 83
Origin country: ES
Vendor Threat Intelligence

Verdict: Malicious
Score: 90.2%
Tags: downloader injection dropper

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict: inconclusive
YARA: 3 match(es)
Tags: .Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.00 SOS: 0.18 SOS: 0.20 SOS: 0.21 SOS: 0.22 SOS: 0.23 SOS: 0.24 SOS: 0.25 SOS: 0.26 SOS: 0.27 SOS: 0.28 SOS: 0.29 SOS: 0.36 SOS: 0.38 SOS: 0.40 SOS: 0.59 Zip Archive
Threat name: Win32.Trojan.Rugmi
Status: Malicious
First seen: 2025-11-23 15:54:30 UTC
File Type: Binary (Archive)
Extracted files: 806
AV detection: 7 of 36 (19.44%)
Threat level: 5/5

Result
Malware family: hijackloader
Score: 10/10
Tags: family:hijackloader discovery
Behaviour:
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: ACRStealer
File type: zip
SHA256: 86b7a6e553539c5986f36989760d7a68474812054b738d722ef4533eba04c685 (this sample)

Delivery method: Distributed via web download

Comments