MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16a812166f66489602dbda752ab8cc1853c5eb254d43979c358535cbf9432aca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ACRStealer

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	16a812166f66489602dbda752ab8cc1853c5eb254d43979c358535cbf9432aca
SHA3-384 hash:	f7d5742d002bbf0a9198e767beaedf5d071e4e4df735ecee928f2022da384f31d78db0c7b0afc349fdd6f683f6a565f7
SHA1 hash:	98a118841163879d0f76ab0975c3169eb44b9322
MD5 hash:	9d9f0ddd86d5eab3652a7e9f895e210c
humanhash:	july-december-high-berlin
File name:	SETUP.zip
Download:	download sample
Signature	ACRStealer Create hunting rule
File size:	25'792'669 bytes
First seen:	2026-03-31 12:35:37 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	393216:xqxBLGYtDkp+iOx3tDXRYPK7E5aMdPdg/b2t7zWxl1mcgl99gmRxlicqqdTZEwiR:oLGYt6MRs2qByCt7KrcNlJR6wi2TWCnA
TLSH	T16347339E183D21F0C5D5AA7DCD1A19F5C6A24B37EF58072B5E38820714B391E2A7723E
Magika	zip
Reporter	aachum
Tags:	ACRStealer dllHijack kl-wholeunfrosted-cfd zip

iamaachum

https://hostckyd1.it.com/ => https://getshared.com/dashboard/s/XZzz058bJ9T3

ACRStealer C2: kl.wholeunfrosted.cfd

Intelligence

File Origin

# of uploads :

1

# of downloads :

47

Origin country :

ES

Vendor Threat Intelligence

Gathering data

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69c2fd63aacb4c376b13a5cf

Tags:

n/a

Result

Verdict:

Malicious

File Type:

ZIP File

Link:

https://app.docguard.net/16a812166f66489602dbda752ab8cc1853c5eb254d43979c358535cbf9432aca/results/dashboard

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/16a812166f66489602dbda752ab8cc1853c5eb254d43979c358535cbf9432aca

Result

Verdict:

SUSPICIOUS

Link:

https://labs.inquest.net/dfi/sha256/16a812166f66489602dbda752ab8cc1853c5eb254d43979c358535cbf9432aca

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

File Type:

zip

Link:

https://opentip.kaspersky.com/16a812166f66489602dbda752ab8cc1853c5eb254d43979c358535cbf9432aca/results?tab=lookup

Score:

22%

Verdict:

Benign

File Type:

ARCHIVE

Link:

https://malprob.io/report/16a812166f66489602dbda752ab8cc1853c5eb254d43979c358535cbf9432aca

Gathering data

Gathering data

Threat name:

Win32.Trojan.Kepavll

Status:

Malicious

First seen:

2026-03-31 04:02:54 UTC

File Type:

Binary (Archive)

Extracted files:

476

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=c2ubeftpmzejmaw33j2svogmdbj4l2zfjvbzphbvqu24x6kdflfa._file

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/260331-qd4ajadx8z/

Behaviour

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/16a812166f66489602dbda752ab8cc1853c5eb254d43979c358535cbf9432aca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 16a812166f66489602dbda752ab8cc1853c5eb254d43979c358535cbf9432aca

(this sample)

DLL dll b6e579457bd4e516dbeb39f0d1a267555367c452558bb08e3333c289a922d550

Link

https://tria.ge/260331-pgdnlsat7m/behavioral2

Delivery method

Distributed via web download

Dropping

SHA256 b6e579457bd4e516dbeb39f0d1a267555367c452558bb08e3333c289a922d550

Dropping

MD5 f34db180067ac19a6909a6c665a12b0a

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample