MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12b3cfb959b03997387e60e9fc4e7aa1ed59ed811cb0770347f29ec2f779ea3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RustyStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 12b3cfb959b03997387e60e9fc4e7aa1ed59ed811cb0770347f29ec2f779ea3a
SHA3-384 hash: 65d4a6dc72319aeb0f2eef229da4f6a00d48d43b09441ae80931919cea9ab59366b9aacf32805fab004cedfc55cb9bcf
SHA1 hash: 9c0902d211b25f6a6445c27a2455d340f49bafc3
MD5 hash: 0761c3a35cd645552b3dccc7ae66de6a
humanhash: mockingbird-oranges-ack-quiet
File name:WarLauncher.zip
Download: download sample
Signature RustyStealer
Create hunting rule
File size:11'507'609 bytes
First seen:2026-03-15 04:37:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
Note:This file is a password protected archive. The password is: 2026
ssdeep 196608:fTUDyDI54yl0z7L0Gu9kY+mD07LDtHUqY7Gft6IJMMnp:fTUDr2z7LDaox2OoPMp
TLSH T1DAC633043AB87BD92F8764F2405B49F2AD10E53A7B1D0ADFD46427FCA327248D347A99
Magika zip
Reporter tcains1
Tags:pw-2026 RustyStealer zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
118
Origin country :
US US
File Archive Information

This file archive contains 14 file(s), sorted by their relevance:

File name:Launcher.exe
File size:263'776 bytes
SHA256 hash: 1dd1803c21c9cd023de85c231135fd08019ed97124c29311ce8d13353e3d4f14
MD5 hash: cbf4f812b6790c98bd1dc7eaf45ca696
MIME type:application/x-dosexec
Signature RustyStealer
File name:base_47.sdata
File size:537'678 bytes
SHA256 hash: bc069c88a507d310e4a0cb32a408d1a1446ef80e7605d750784702a778d19e52
MD5 hash: e61a10d51ad9b1e6bae9f9f71f2d553c
MIME type:application/octet-stream
Signature RustyStealer
File name:app_3.000
File size:570'509 bytes
SHA256 hash: f4ef8051122ca6e377baecdbfdcc17af17d540d0196d050afaddd9dd292ad9b0
MD5 hash: b9da6e4bc598bf27264bfc3d1c521577
MIME type:application/octet-stream
Signature RustyStealer
File name:app_41.dll
File size:904'797 bytes
SHA256 hash: c51f766cb9171a5a3c2e13137d31d175aa2a0b2dbc82f6ab805be15324511272
MD5 hash: 161acfcca495659309a756604bedf05c
MIME type:application/octet-stream
Signature RustyStealer
File name:app_34.dll
File size:541'181 bytes
SHA256 hash: 0d1ff39cb80c66fcf7bda38291fc307de7471469566e3b892ed55b5674f8c749
MD5 hash: ee858892de9a3a05223e971b4f764ca5
MIME type:application/octet-stream
Signature RustyStealer
File name:added.txt
File size:0 bytes
SHA256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
MIME type:inode/x-empty
Signature RustyStealer
File name:app_49.sdata
File size:640'239 bytes
SHA256 hash: 03049669496de25a0c6138342f8da9454865dc8d59f7b272060b027678fe609b
MD5 hash: 86f6243590af9ce3a7427e2b530d6eef
MIME type:application/octet-stream
Signature RustyStealer
File name:archive_9.002
File size:599'194 bytes
SHA256 hash: ff68a98b2511aaf8c8e490c2f256ee7eae2c1bf56f114ca79536038086466ba5
MD5 hash: 3de709044e3d4d786a40204fa72db7d7
MIME type:application/octet-stream
Signature RustyStealer
File name:base_5.data
File size:672'006 bytes
SHA256 hash: 4d35dab9fcbe26ffc5fe255806960c9e2b974da9745f3e016758bd74db129a58
MD5 hash: 8a2cbe90d90e97ea44c249c553e6d9b2
MIME type:application/octet-stream
Signature RustyStealer
File name:app_53.000
File size:974'435 bytes
SHA256 hash: bc3ef0d14c2a5cbd7eca2b95d82922fb22061b5c0b3c6d365e1f8b980041b2b1
MD5 hash: aa7dfee78615b9ee551150adb277ae39
MIME type:application/octet-stream
Signature RustyStealer
File name:app_56.dll
File size:807'541 bytes
SHA256 hash: ef574564bcdf2967ad5f32be337ebd32edf7164fae85651a4e0059a8e7f75da0
MD5 hash: a8d8a6798989dfef87fd32f69416ab22
MIME type:application/octet-stream
Signature RustyStealer
File name:app_78.001
File size:834'521 bytes
SHA256 hash: b252519a9be3c0c5238ba25e343f278b531285d1b8c4b459f6ab70a9ecbfcf99
MD5 hash: 0f04a5b51f2f572ae8463f5d477ccf3e
MIME type:application/octet-stream
Signature RustyStealer
File name:archive_14.000
File size:998'724 bytes
SHA256 hash: 9108303d2569795f19b5c881810e83183a3dfa52c71062362c90e2b56808f1f7
MD5 hash: 6035fd9ce6435fd54aeabe0324a9aeca
MIME type:application/octet-stream
Signature RustyStealer
File name:iviewers.dll
File size:4'669'952 bytes
SHA256 hash: 72086688560d9c0d5b30adb6c960039fab9aa339d77344ce4068e70515baaa83
MD5 hash: cba3ceb736d8367c7bc56e913e466f28
MIME type:application/x-dosexec
Signature RustyStealer
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/5ca63b7b-b0d6-4a66-bb3b-34df564850dc/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b6378693b644ca466a3445
Tags:
n/a
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/12b3cfb959b03997387e60e9fc4e7aa1ed59ed811cb0770347f29ec2f779ea3a
Verdict:
Unknown
File Type:
zip
Link:
https://opentip.kaspersky.com/12b3cfb959b03997387e60e9fc4e7aa1ed59ed811cb0770347f29ec2f779ea3a/results?tab=lookup
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/12b3cfb959b03997387e60e9fc4e7aa1ed59ed811cb0770347f29ec2f779ea3a/
Threat name:
Win32.Trojan.Alevaul
Create hunting rule
Status:
Malicious
First seen:
2026-03-13 12:34:03 UTC
File Type:
Binary (Archive)
AV detection:
6 of 22 (27.27%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ckz47okzwa4zood6mdu7ytt2uhwvt3mbdsyhoa2h6kpmf53z5i5a._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
credential_access defense_evasion discovery execution persistence spyware stealer
Link:
https://tria.ge/reports/260315-hbychadt7w/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/12b3cfb959b03997387e60e9fc4e7aa1ed59ed811cb0770347f29ec2f779ea3a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RustyStealer

zip 12b3cfb959b03997387e60e9fc4e7aa1ed59ed811cb0770347f29ec2f779ea3a

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3796541/

Comments