MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 205422f6a830d3d4d7f42335fc04e89667d90aab95b665d57096ae154e79a268. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

EternalRocks

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	205422f6a830d3d4d7f42335fc04e89667d90aab95b665d57096ae154e79a268
SHA3-384 hash:	558dae285248d2dd06e2f210d293bddd17beb34cf1a3be6528e4b54405d904a7527712e0a6f2f1ec21401dc1f46f6070
SHA1 hash:	1daf64b08f4c6c0b3eb19c05a5d2f03a91c8ca02
MD5 hash:	66e42acad2793b8a6de88f8ee4d5f9bd
humanhash:	enemy-princess-mirror-nuts
File name:	Free Download Files.zip
Download:	download sample
Signature	EternalRocks Create hunting rule
File size:	36'081'304 bytes
First seen:	2025-12-10 20:09:14 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	786432:QCmPLBlaXxsntMwSqbs1mJCVGXPbQXhQOsYseq7ko5879jDH9slv/:Q1jH5tMebsgYzQ7Y6B58h3+v/
TLSH	T13E87233A9A3CD4D0FB0F99B1EAB7814C44E3651921F298E67B24A6164C5F1C0DB3B74B
TrID	46.6% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3) 35.5% (.XPI) Mozilla Firefox browser extension (8000/1/1) 17.7% (.ZIP) ZIP compressed archive (4000/1)
Magika	zip
Reporter	aachum
Tags:	78-40-193-126 ACRStealer RenPy RenPyLoader zip

iamaachum

https://www.mediafire.com/file/04zhvqrvbazusq7/Free+Download+Files.zip/file

ACRStealer C2: 78.40.193.126

Intelligence

File Origin

# of uploads :

1

# of downloads :

60

Origin country :

ES

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/62e88fe3-a75f-48f6-9603-26e7fc19ed20/

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6939d3bea675b653bd0fde15

Tags:

n/a

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/205422f6a830d3d4d7f42335fc04e89667d90aab95b665d57096ae154e79a268

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/205422f6a830d3d4d7f42335fc04e89667d90aab95b665d57096ae154e79a268

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

File Type:

zip

First seen:

2025-12-10T12:26:00Z UTC

Last seen:

2025-12-11T09:00:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/205422f6a830d3d4d7f42335fc04e89667d90aab95b665d57096ae154e79a268/results?tab=lookup

Score:

67%

Verdict:

Susipicious

File Type:

ARCHIVE

Link:

https://malprob.io/report/205422f6a830d3d4d7f42335fc04e89667d90aab95b665d57096ae154e79a268

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ebkcf5vigdj5jv7uem27ybhiszt5scvlsw3glvlqs2xbkttzujua._file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 205422f6a830d3d4d7f42335fc04e89667d90aab95b665d57096ae154e79a268

(this sample)

DLL dll dd86a3e996b53b952e35477b7980929b1c43c42efec0eadc618115a22ffb86dc

Link

https://tria.ge/251210-yf7dzadn5v/behavioral2

Delivery method

Distributed via web download

Dropping

SHA256 dd86a3e996b53b952e35477b7980929b1c43c42efec0eadc618115a22ffb86dc

Dropping

MD5 6e3a24a6ad18efec6b48ba47a1bea659

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample