MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ACRStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e
SHA3-384 hash: 87ca809c6b4f9befcc1b7243c79b086156f65d5268083ebf32dd961051483f5c36942d900321c88b19dc9d5d1298e387
SHA1 hash: d713efc706c7b450e72ad7e210c1ae63194db571
MD5 hash: 30edf922187e578720c7b14aa1e38d76
humanhash: stairway-illinois-march-red
File name:Free Download Files.zip
Download: download sample
Signature ACRStealer
Create hunting rule
File size:35'632'218 bytes
First seen:2025-12-11 17:08:47 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 786432:ZfpVSMnhZwVNXVCVGXPkuXhQOsYseq7to0fH2Jh2KNGCR:Zhph23YSQ7Y6qo2JhUCR
TLSH T14377333D5A1D99F0FB4FE1B1E266840C40D21620A1B668AE7B3C36198D9F5D07B3276F
TrID 46.6% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
35.5% (.XPI) Mozilla Firefox browser extension (8000/1/1)
17.7% (.ZIP) ZIP compressed archive (4000/1)
Magika zip
Reporter struppigel
Tags:ACRStealer game Python RenPy zip


Avatar
struppigel
Via hxxps://www.mediafire(dot)com/file/3zpsx9kezy4h0wo/Free+Download+Files.zip/file

Intelligence

File Origin
# of uploads :
1
# of downloads :
129
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/7e5132db-e296-4398-b3d6-af08e4405c5e/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=693afac6bde6a3e59710607e
Tags:
n/a
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
File Type:
zip
First seen:
2025-12-11T03:54:00Z UTC
Last seen:
2025-12-12T06:02:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e/results?tab=lookup
Score:
67%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hqeg45uuf6472pi6iocotqjcrqrhyaghrxbj7ssrf3mv52iz5zpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3c086e76942fb9fd3d1e4384e9c1228c227c00c78dc29fca512ed95ee919ee5e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments