MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e794f9133b3977065d72b7b3b3c9935aa449f7b35bf55eec5d197e1a69eec3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ACRStealer

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	0e794f9133b3977065d72b7b3b3c9935aa449f7b35bf55eec5d197e1a69eec3a
SHA3-384 hash:	896408dd99d296e5e954285b326c984ea0f73167f10d119f48d5deb93859a0147eba7f67ea74d426c46e5d96ab5e7f4a
SHA1 hash:	479e0d0d2cce522161bea1551089fb4d8a150dae
MD5 hash:	12a6f46954d25f70105637f3fe6bca29
humanhash:	solar-floor-eight-mirror
File name:	SETUP.zip
Download:	download sample
Signature	ACRStealer Create hunting rule
File size:	58'675'513 bytes
First seen:	2026-05-15 20:28:50 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	1572864:3V+BnWdmU3zyeGrYw+/a7ZOSjtWibf2yt+QJUNE:IEdm5hrrXOSxWEOytR
TLSH	T199D7338C9CD8C9DCF7B6C1BB1C20D01C5A5A7725FC1C2C26ACE49482DE8FDA7588D969
Magika	zip
Reporter	aachum
Tags:	ACRStealer apigrokcloud-icu HIjackLoader IDATLoader zip

iamaachum

https://hostckyd2.it.com/ => https://www.mediafire.com/file/vwte4d8ejoc5an0/D0WNL0AD+SETUP+FILE+(KEY-3521).zip/file

ACRStealer C2: apigrokcloud.icu

Intelligence

File Origin

# of uploads :

1

# of downloads :

49

Origin country :

ES

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/49b321cf-c558-4152-92b0-750d965271fb/

Verdict:

Suspicious

Score:

50%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a065a3d953bbcef1c905bcd

Tags:

infosteal

Result

Verdict:

Malicious

File Type:

ZIP File

Link:

https://app.docguard.net/0e794f9133b3977065d72b7b3b3c9935aa449f7b35bf55eec5d197e1a69eec3a/results/dashboard

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/0e794f9133b3977065d72b7b3b3c9935aa449f7b35bf55eec5d197e1a69eec3a

Verdict:

Malicious

File Type:

zip

First seen:

2026-05-15T18:33:00Z UTC

Last seen:

2026-05-16T14:59:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/0e794f9133b3977065d72b7b3b3c9935aa449f7b35bf55eec5d197e1a69eec3a/results?tab=lookup

Score:

100%

Verdict:

Malware

File Type:

ARCHIVE

Link:

https://malprob.io/report/0e794f9133b3977065d72b7b3b3c9935aa449f7b35bf55eec5d197e1a69eec3a

Gathering data

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2026-05-15 15:12:40 UTC

File Type:

Binary (Archive)

Extracted files:

774

AV detection:

11 of 24 (45.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bz4u7ejtwolxazoxfn5twpezgwvejh33gw7vl3wf2gl6dju65q5a._file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 0e794f9133b3977065d72b7b3b3c9935aa449f7b35bf55eec5d197e1a69eec3a

(this sample)

DLL dll 7b0665438ef9c8e4989a8222c713f8c84e2ac5e710117cca6fcb2572da975382

Link

https://tria.ge/260515-wg8bjsdw51/behavioral2

Delivery method

Distributed via web download

Dropping

SHA256 7b0665438ef9c8e4989a8222c713f8c84e2ac5e710117cca6fcb2572da975382

Dropping

MD5 d4b599752def2b749410a911a91ad9d6

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample