MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 028bc6de3033f51fe9602e5e3036abdef26e49b581a332f3a67ee5dd981b7f30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MythStealer


Vendor detections: 6



SHA256 hash: 028bc6de3033f51fe9602e5e3036abdef26e49b581a332f3a67ee5dd981b7f30
SHA3-384 hash: 72ef317f6940eb8420d31c40c53d5f2fdc1f302fa86bc7d5c89239cdf65d3675bf593117f163473bc01b71c0976de3c3
SHA1 hash: 013522bb2ce4c3e4e4739d7553caf816078e21b1
MD5 hash: 2c5c6efe198473409c8abf3ba6723a81
humanhash: leopard-mike-march-connecticut
File name: loader.rar
Signature: MythStealer
File size: 76'898'236 bytes
First seen: 2026-03-05 15:43:11 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 1572864:FP7dicTwX+9zpLMN0rKozsmqVoL7ePpxqfjjObqDjwbBrg2TE:FhicMX+Hw02ojooLCh4rqbqXE9TE
TLSH: T1E1F733E9DD2CBD75D3247271C0F19277DC6DA2EC4526D6E7BEDA001F84A086D20CBA4A
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1); 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: burger
Tags: file-pumped MythStealer rar

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: NL
File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name: Rage.ini
File size: 798 bytes
SHA256 hash: b4d75934f4cd7259084c02b6f7400838d1cf21d09b3f446470911429b9aacbb3
MD5 hash: d54f9e38aa2fbec15c5860bb59fd80b8
MIME type: application/x-wine-extension-ini
Signature: MythStealer

File name: Aimbot.dll
File size: 112'496 bytes
SHA256 hash: 62ad162d21bfa0158b44882a60ccc8fcdcff255cbea855dc7a36b61803965dfa
MD5 hash: ed4d958ddbe6eb4c5d84c4d0e6aeba95
MIME type: application/x-dosexec
Signature: MythStealer

File name: Misc.dll
File size: 68'128 bytes
SHA256 hash: 87ecdc6ce7f8c29f0a7ae625f6b7d9c497610996ec01ccc129abdfd8bd9b8cfe
MD5 hash: bb99b31923f507120908c9d1b05af7cf
MIME type: application/x-dosexec
Signature: MythStealer

File name: Legit.ini
File size: 301 bytes
SHA256 hash: 60457390f70237259a5e6b98199e42bb8087f0c36c238c4c1652a74698e74dae
MD5 hash: 0ba3fb5b100cf5c31f9f2c340dfe51ac
MIME type: application/x-wine-extension-ini
Signature: MythStealer

File name: Loader.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 173'589'855 bytes
SHA256 hash: f9307a0d25a9b9ff14b6b218e03c1a8d5525912968df2856b145b9aace215d76
MD5 hash: f06d771e1bd31a621bbdaa829667bfe6
De-pumped file size: 89'345'536 bytes (Vs. original size of 173'589'855 bytes)
De-pumped SHA256 hash: a246f2bfb779f3f2f1de7ce7ba761c92359a95d80a3ec1c744f491cec680562f
De-pumped MD5 hash: 3c9c9de290bd5e0f28839976cdb8532b
MIME type: application/x-dosexec
Signature: MythStealer

Vendor Threat Intelligence
Threat name: Win32.Trojan.Egairtigado
Status: Malicious
First seen: 2026-03-04 07:36:17 UTC
File Type: Binary (Archive)
Extracted files: 226
AV detection: 7 of 24 (29.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: defense_evasion discovery persistence trojan
Behaviour:
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

MythStealer

rar 028bc6de3033f51fe9602e5e3036abdef26e49b581a332f3a67ee5dd981b7f30 (this sample)

Dropping
SHA256 f9307a0d25a9b9ff14b6b218e03c1a8d5525912968df2856b145b9aace215d76
