MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19470b30a51bfbe8e29967f70fc7336e01db009fe5e77c6f85893f742a11d8ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ACRStealer


Vendor detections: 5


Intelligence 5 IOCs YARA 18 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 19470b30a51bfbe8e29967f70fc7336e01db009fe5e77c6f85893f742a11d8ad
SHA3-384 hash: a0b74790a6f83369af197b57d5f55eafb69221ee0797b5306f2526d2b32977175b86b38bdf9897167b3f94ed64b08068
SHA1 hash: 960e1473bef61923613ce4b6a6be4cc577a714e8
MD5 hash: 8081a94bd35e7fc6ae1e26971bc067a7
humanhash: six-low-glucose-arkansas
File name:i№st@113R ver.4.8__P@$$ 0110.rar
Download: download sample
Signature ACRStealer
Create hunting rule
File size:15'014'086 bytes
First seen:2025-05-21 19:03:24 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
Note:This file is a password protected archive. The password is: 0110
ssdeep 393216:yEYWwfher/PJNVXBGNlQvP9YCVXU4USn5FtQYW8D0:1UfY7RsQ9YQh7tQYW8D0
TLSH T142E6338B9FB729FE9A8366A181006116BC2709D34EA3C774AD1DE3D2C4D9CE85D34787
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter aachum
Tags:ACRStealer file-pumped pw-0110 rar


Avatar
iamaachum
https://chefupdates.rest/?cl=4 => https://mega.nz/file/6JtWyR4A#lSLrfrYwilrA_duX2UxvmTyBwQKCHOg-w6TNX-K1Nms

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
ES ES
File Archive Information

This file archive contains 19 file(s), sorted by their relevance:

File name:DOMDocument_schemaValidate_error1.phpt
File size:859 bytes
SHA256 hash: da18d9f318cb42a559f515efdb0e78c2806a91d5d54f5282b1339bbcff8b458e
MD5 hash: 30963f29c640b1bd3cd3592bfe5f24f2
MIME type:text/plain
Signature ACRStealer
File name:68731.gif
File size:1'130 bytes
SHA256 hash: c2fb874ace42891967c97fb2121a290735ec927b307d755ddf90bee47124dced
MD5 hash: 442e6b25bec98388ccdd9e4ae6eedc7a
MIME type:image/gif
Signature ACRStealer
File name:config.w32
File size:1'358 bytes
SHA256 hash: 21c668d529b786ecee6cc042736cff338504adee9a76f0608c5cdc0febf76558
MD5 hash: 7f7f4f2d7f3bd8e20959187db672b19f
MIME type:text/plain
Signature ACRStealer
File name:Qt5Widgets.dll
File size:6'226'432 bytes
SHA256 hash: 9829bdf2eb6d19f523c0c0306ea8f41afdc478635430695c2e016fdf0a025858
MD5 hash: 58e7f25df568d859dabbbd490de94dfd
MIME type:application/x-dosexec
Signature ACRStealer
File name:string_increment_various.phpt
File size:2'490 bytes
SHA256 hash: e9cc8e15107af7bb084eb44678d709bd7e4fc9954164d081aa72d077108196da
MD5 hash: 5c3b75607b99bafbf857bfc909c362ce
MIME type:text/plain
Signature ACRStealer
File name:bug68335.phpt
File size:235 bytes
SHA256 hash: a454a6eae7f932c7d41dc078f4e90bea431c1ed6e1b2cdaf79bf24ba75b5735e
MD5 hash: 47333a0bfb6ef78fe16cdd2b83feff24
MIME type:text/plain
Signature ACRStealer
File name:Dinogeng.vo
File size:65'647 bytes
SHA256 hash: b172e3f979dbbbe4c695607febff98059d6becb8ad05fca045a7f430281d9043
MD5 hash: 82532a6d13b85e0c93dfa3be77c2c767
MIME type:application/octet-stream
Signature ACRStealer
File name:bug74596.phpt
File size:1'112 bytes
SHA256 hash: 687e21dd6b5a7eaae7072b7579f665d32a6bb76d20a5d90f9b6cb2d5b61f52ec
MD5 hash: e577192ae3d5505f4f224d1e399a0845
MIME type:text/x-c++
Signature ACRStealer
File name:uasort_variation3.phpt
File size:2'009 bytes
SHA256 hash: 80bafd894a6ac703000677c76123ca96e79231f52fd36d7f14d8c4ce1dc37847
MD5 hash: e6d9f3a81c36b1a5ec26d0a7b9e374b2
MIME type:text/plain
Signature ACRStealer
File name:oss-fuzz-61865_binop_declared_property_unset_error_handler.phpt
File size:337 bytes
SHA256 hash: 56415a18082085eb0428d303d1f3e3460cba057fc2de801714f00c55201710fc
MD5 hash: 39c377e2da00847f6368e5f6a1346a4f
MIME type:text/x-c++
Signature ACRStealer
File name:Qt5Gui.dll
File size:6'398'976 bytes
SHA256 hash: 8f7c29d0c656b515f30870cca2666b6e9bc1be0152a64afabce19b1ada508ad7
MD5 hash: 8d28f304e1266da7a1d4bc53f57b0d66
MIME type:application/x-dosexec
Signature ACRStealer
File name:bassenc.dll
File size:16'448 bytes
SHA256 hash: 3b24b567fe34c59e6f77c7fc99e7b47eeedf4606bb3a35ef2a6118e4a8ca386c
MD5 hash: efd43a932ff1f7169d0fa65e09cc75ea
MIME type:application/x-dosexec
Signature ACRStealer
File name:bass.dll
File size:107'584 bytes
SHA256 hash: a3b00967d5c4ef1a2b4980183934d46ef36cee4b3dc1b2a6da1f820d63448390
MD5 hash: 9586e7be6ae8016932038932d1417241
MIME type:application/x-dosexec
Signature ACRStealer
File name:ftp_nb_put.phpt
File size:446 bytes
SHA256 hash: aece63711544704a4a72783d4135bd7e3d022b8d2466fd8cf8df555de7291f30
MD5 hash: ea333451db394ef3dd7de99ae404bc75
MIME type:text/x-ruby
Signature ACRStealer
File name:Qt5Xml.dll
File size:216'064 bytes
SHA256 hash: 8fbd5c6eb2010aa6a1a84532565c55c407b2f8c64305771a7f27ec36c85d2258
MD5 hash: 57ebe237c23b246d5822dcd6b4a0748d
MIME type:application/x-dosexec
Signature ACRStealer
File name:nls_neutral.c
File size:228 bytes
SHA256 hash: 98571e0822ee3be4791d79b8a3450df213e420cfc603aaa89a93f2ff3137a910
MD5 hash: 23ebfb7e6e04e52e2b34c21625e13246
MIME type:text/x-c
Signature ACRStealer
File name:Qt5Core.dll
File size:6'172'672 bytes
SHA256 hash: 3f732b612ac3d0b63d4d79d622026fb2267788075b181b9857dcda34e04aba4a
MD5 hash: 31d6613297d9060a0792c9a00447f352
MIME type:application/x-dosexec
Signature ACRStealer
File name:passByReference_008.phpt
File size:600 bytes
SHA256 hash: f4134ee069a9d5c26a60c923bc4aceb8e66c1c86f4667591386914cc727c2cdd
MD5 hash: 3e0b969efb36febd4cfb74cf9dc208f4
MIME type:text/plain
Signature ACRStealer
File name:Setup.exe
Pumped file This file is pumped. MalwareBazaar has de-pumped it.
File size:763'034'551 bytes
SHA256 hash: 99e2127f26c9f56ef57f097489d849c9eb517311d91a38fcbbf059001ddc49ed
MD5 hash: a3b5677f73a7e25f0f382740950f375b
De-pumped file size:12'239'872 bytes (Vs. original size of 763'034'551 bytes)
De-pumped SHA256 hash: 3e6b5aa0a81a480a6168f9f5023a5e4d6bf6732545e3ee561fb5d6caa338c0ee
De-pumped MD5 hash: c25961324e086a4761a3e365bdb6d1d7
MIME type:application/x-dosexec
Signature ACRStealer
Vendor Threat Intelligence
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=682609a04a59e5a2ce04d920
Tags:
infosteal
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/19470b30a51bfbe8e29967f70fc7336e01db009fe5e77c6f85893f742a11d8ad/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-05-21 19:04:34 UTC
File Type:
Binary (Archive)
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dfdqwmffdp56ryuzm73q7rztnya5wae74xtxy34fre7xikqr3cwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/19470b30a51bfbe8e29967f70fc7336e01db009fe5e77c6f85893f742a11d8ad

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BobSoftMiniDelphiBoBBobSoft
Create hunting rule
Author:malware-lu
Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:html_auto_download_b64
Create hunting rule
Author:Tdawg
Description:html auto download
Rule name:HUNTING_SUSP_TLS_SECTION
Create hunting rule
Author:chaosphere
Description:Detect PE files with .tls section that can be used for anti-debugging
Reference:Practical Malware Analysis - Chapter 16
Rule name:INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
Create hunting rule
Author:ditekSHen
Description:Detects Windows executables referencing non-Windows User-Agents
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:win_rat_generic
Create hunting rule
Author:Reedus0
Description:Rule for detecting generic RAT malware
Rule name:win_rat_generic
Create hunting rule
Author:Reedus0
Description:Rule for detecting generic RAT malware
Rule name:win_stealer_generic
Create hunting rule
Author:Reedus0
Description:Rule for detecting generic stealer malware
Rule name:win_stealer_generic
Create hunting rule
Author:Reedus0
Description:Rule for detecting generic stealer malware
Rule name:yara_template
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ACRStealer

rar 19470b30a51bfbe8e29967f70fc7336e01db009fe5e77c6f85893f742a11d8ad

(this sample)

ACRStealer

Executable exe 7ad38f22b1097c76959ba33a34418c9a5fbd9aa213196ce6c426b4e9e0ca0e80

  
Link
https://tria.ge/250521-xhr7dsgk8z/behavioral1
  
Delivery method
Distributed via web download
  
Dropping
SHA256 7ad38f22b1097c76959ba33a34418c9a5fbd9aa213196ce6c426b4e9e0ca0e80
  
Dropping
MD5 25e0273b1a3bd08f4e40fa6c10b9f054
  
Dropping
SHA256 3e6b5aa0a81a480a6168f9f5023a5e4d6bf6732545e3ee561fb5d6caa338c0ee
  
Dropping
MD5 c25961324e086a4761a3e365bdb6d1d7

Comments