MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08ea9370b722c1868eb9ef1c6c50b9d6e2a7fa79a1331118fd2b8be2aa1dcbd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ACRStealer
Vendor detections: 5

SHA256 hash: 08ea9370b722c1868eb9ef1c6c50b9d6e2a7fa79a1331118fd2b8be2aa1dcbd5
SHA3-384 hash: ac4eebb90a3634133aed63fd322e7a11e39a55a0037355b62d790c4b59be6942ff8aa94ecc3f41b621945b4fdd72568f
SHA1 hash: 68b8c3adb5f6f87a46c6e25aaaffd9f9cf0377e1
MD5 hash: 82f4411bc5a531965ac2fa32ad74f8f9
humanhash: stairway-nebraska-high-black
File name: i№st@113R ver.4.8__P@$$ 0071.rar
Signature: ACRStealer
File size: 8'384'464 bytes
First seen: 2025-04-11 19:55:45 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 196608:TSpmntBTlg7c+r/+Sf/atrqhigwyo2N03kCWyYXYQFQoczknn:TSp8/uc+rJf5yyoW03cTXYmUkn
TLSH: T1E5863324332B75A2E9580AB90202E27C4B73F96C779E3567B1F8E648775C4871C78BC9
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: Anonymous
Tags: file-pumped, rar


Comment by Anonymous:

Password manually removed from RAR file to allow automated analysis.

Original password was "0071".

Intelligence

File Origin
# of uploads: 1
# of downloads: 127
Origin country: NL
File Archive Information

This file archive contains 7 file(s), sorted by their relevance:

File name: snapshot_blob.bin
File size: 316'538 bytes
SHA256 hash: 9b3a75a713e41bc73f219858fcac8e3031ba22732285ed3a64dc48074c725cc2
MD5 hash: c8950b01f336b05609976546b1a007e6
MIME type: application/octet-stream
Signature: ACRStealer

File name: libEGL.dll
File size: 493'056 bytes
SHA256 hash: 8649d77ace8e5753b9a10e7ae3349aafa9d8e3406ba9c8c36a59633a84b3c41b
MD5 hash: 39ccf402a62f068a8c573b45ea96154d
MIME type: application/x-dosexec
Signature: ACRStealer

File name: vulkan-1.dll
File size: 894'976 bytes
SHA256 hash: 376ff6892ec7b406acd8c455ac82f8541e59e3757195488ff04cd9f20d554562
MD5 hash: b6d3af84e8be0027741aa6077768789e
MIME type: application/x-dosexec
Signature: ACRStealer

File name: resources.pak
File size: 5'755'390 bytes
SHA256 hash: 268de4d99ab7c4f4ee32c8e8cb2b058a2c8d0d839f468ae8e8c0605feaa736ea
MD5 hash: 6772b597bf68622d934f207570e771b1
MIME type: application/octet-stream
Signature: ACRStealer

File name: ffmpeg.dll
File size: 2'929'152 bytes
SHA256 hash: af5f1bc9f6a73750fa0c7bf17439700cfb3ab23e1393f0c9899825417e319b54
MD5 hash: 5a168cb3ea9d0e7400baabf60f6ab933
MIME type: application/x-dosexec
Signature: ACRStealer

File name: chrome_200_percent.pak
File size: 228'644 bytes
SHA256 hash: 2c1b3e4b8a0cf837ae0a390fca54f45d7d22418e040f1dfea979622383acced6
MD5 hash: dc48a33bd20bfc7cacfc925a84b015b6
MIME type: application/octet-stream
Signature: ACRStealer

File name: Setup.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 734'015'223 bytes
SHA256 hash: f5b8fb4dcd91fec6f354aee6eb402179ff4b55a0f2f2ae36154cb7ddb54b31b3
MD5 hash: ec4e847e7234f9ed2af7ff321882b41e
De-pumped file size: 147'456 bytes (vs. original size of 734'015'223 bytes)
De-pumped SHA256 hash: 964ee138024c5d70380c801eb98b5887a27d3fb14e6a5844f84491a72b9e05b5
De-pumped MD5 hash: 361edacadde8fcc8ade7a6faf6943759
MIME type: application/x-dosexec
Signature: ACRStealer
Vendor Threat Intelligence
Verdict: Malicious
Score: 70%
Tags: malware
Threat name: Win32.Trojan.Hulk
Status: Malicious
First seen: 2025-04-11 19:56:09 UTC
File Type: Binary (Archive)
Extracted files: 23
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: ACRStealer
File type: rar
SHA256 hash: 08ea9370b722c1868eb9ef1c6c50b9d6e2a7fa79a1331118fd2b8be2aa1dcbd5 (this sample)

Delivery method: Distributed via web download