MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a2a3c30a01b8bdd2f43ed3787cc46ebd40d11d7ea8672694dfe86e02c4efbf0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AmateraStealer

Vendor detections: 9

Intelligence 9 IOCs YARA 32 File information Comments

SHA256 hash:	0a2a3c30a01b8bdd2f43ed3787cc46ebd40d11d7ea8672694dfe86e02c4efbf0
SHA3-384 hash:	4d28653fbfbddd0ffdcfe69c61592360652c0cc0eef3ae08f79ed0e2c81d8f2731bee023a15cd72ad3c4932d30436b68
SHA1 hash:	d8bb9ebc3229638b5b498d733ee347d2b94bfa9c
MD5 hash:	23891c9421f215a61952cd03408081cc
humanhash:	september-friend-item-romeo
File name:	0a2a3c30a01b8bdd2f43ed3787cc46ebd40d11d7ea8672694dfe86e02c4efbf0.zip
Download:	download sample
Signature	AmateraStealer Create hunting rule
File size:	1'354'868 bytes
First seen:	2026-06-05 06:58:29 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:5Cj8IL7axwYYzTxxs9BbTDzQkzH3qnJ3oIiaAoM6WR3/GgkSCm0B4:5pC99ztO99HheJ51AV6yySCxC
TLSH	T1235533C70189C4E4A371A3FEC9B0E4875EAE5B8BA5E910552D71EEA935C3DA45F33032
Magika	zip
Reporter	JAMESWT_WT
Tags:	AmateraStealer Click-Hijacking-TDS zip

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	QuickAccess.exe
File size:	4'723'260 bytes
SHA256 hash:	6fc9374fe5f1c972e20b02e7ae3098fa8d94c0a615d3fd19268ce654b5f58610
MD5 hash:	a9fe5f4ea0fe71e4d5b97450f42bd7ab
MIME type:	application/x-dosexec
Signature	AmateraStealer

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/ab5a3f66-bce7-492c-a949-2401407cbcf0/

Detection(s):

ditekSHen.MALWARE.Win.Trojan.RedLineDropper-AHK.UNOFFICIAL

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a22738ef8676ad4d36147cd

Tags:

redline autoit emotet

Result

Verdict:

Malicious

File Type:

PE File

Link:

https://app.docguard.net/0a2a3c30a01b8bdd2f43ed3787cc46ebd40d11d7ea8672694dfe86e02c4efbf0/results/dashboard

Behaviour

BlacklistAPI detected

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

adaptive-context anti-debug anti-vm explorer fingerprint installer-heuristic keylogger lolbin microsoft_visual_cc overlay overlay reconnaissance

Link:

https://www.filescan.io/uploads/6a2273c846e44aecc0d0dcb8/reports/520149e4-e6a4-46bb-9c5e-610478216152/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/0a2a3c30a01b8bdd2f43ed3787cc46ebd40d11d7ea8672694dfe86e02c4efbf0

Verdict:

Malicious

File Type:

zip

First seen:

2026-03-04T08:25:00Z UTC

Last seen:

2026-03-04T08:37:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/0a2a3c30a01b8bdd2f43ed3787cc46ebd40d11d7ea8672694dfe86e02c4efbf0/results?tab=lookup

Score:

Verdict:

Benign

File Type:

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/260605-hxvthads8q/

Behaviour

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0a2a3c30a01b8bdd2f43ed3787cc46ebd40d11d7ea8672694dfe86e02c4efbf0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	certum_issuer Create hunting rule
Author:	Certum
Description:	Looks for files signed with certificate issued by Certum

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	detect_certum_issuer Create hunting rule
Author:	Certum
Description:	Looks for files signed with certificate issued by Certum

Rule name:	Disable_Defender Create hunting rule
Author:	iam-py-test
Description:	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	Suspicious_Process Create hunting rule
Author:	Security Research Team
Description:	Suspicious process creation

Rule name:	Sus_All_Windows_PE_Malware Create hunting rule
Author:	DiegoAnalytics
Description:	Detects Windows PE malware of all types, avoids non-executables like .html

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample