MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4472995386bba315a57959fb727042bbdc54c186f20610d6073ee0d4329aaefc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ACRStealer

Vendor detections: 6

SHA256 hash: 4472995386bba315a57959fb727042bbdc54c186f20610d6073ee0d4329aaefc
SHA3-384 hash: 065a529446e601a7cf02a962545f984eb13a1de61e8174a8e2d6c0b8ac88daf287daee8e4efe4b65b67b37d67f9fdfe5
SHA1 hash: 7dadaa113639147a0f8c7222e30de6fb10998043
MD5 hash: 74b08f843e9ab1013fe032f38123d652
humanhash: lemon-maryland-yellow-winter
File name: SETUP.zip
Signature: ACRStealer
File size: 31'214'351 bytes
First seen: 2025-11-02 13:52:49 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 786432:KjX6nHvsqYcy+gPtIUYGFptoTS/QvqXbm:Kywc3gPtIRGFptPQsK
TLSH: T14C673349DAE419F8C4CB732C961F9D87D3D01101F67A9A6F047199E6CFF87C6282898B
Magika: zip
Reporter: aachum
Tags: 138-199-199-150 2265ca ACRStealer Amadey HIjackLoader IDATLoader zip


iamaachum
https://fighthem.space/ => https://mega.nz/file/JNVDUCiL#UTlRJGnQA02d5gkMIRPxavP9SFHlfE3SxKOpY0Jhza4

ACRStealer C2: 138.199.199.150
Amadey Botnet: 2265ca
Amadey C2: http://mi.huffproofs.com/kaWt2QXfpPueNM/index.php

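The digests listed in the file information block and the network indicators in the reporter's comment are the two things an analyst actually takes away from an entry like this. The following is an added example, not MalwareBazaar's code and not the reporter's, that checks a downloaded copy against every listed digest before any analysis starts and pulls the C2 and distribution indicators out of the comment into a defanged list. The hash values and the comment text are copied from this page; the file bytes used when the script runs stand-alone are a constructed placeholder and deliberately do not match. MalwareBazaar serves downloads inside a password-protected wrapper ZIP (password "infected"); the listed hashes are those of the inner SETUP.zip, so unpack the wrapper before hashing.

```python
"""Added example: verify a MalwareBazaar download against the listed hashes
and extract network IOCs from the reporter comment. Not MalwareBazaar code."""
import hashlib
import re
from urllib.parse import urlsplit

# Digests as listed on this entry (copied from the page above).
LISTED_HASHES = {
    "sha256": "4472995386bba315a57959fb727042bbdc54c186f20610d6073ee0d4329aaefc",
    "sha3_384": "065a529446e601a7cf02a962545f984eb13a1de61e8174a8e2d6c0b8ac88daf287daee8e4efe4b65b67b37d67f9fdfe5",
    "sha1": "7dadaa113639147a0f8c7222e30de6fb10998043",
    "md5": "74b08f843e9ab1013fe032f38123d652",
}

# Reporter comment, copied from the page above.
IOC_COMMENT = """https://fighthem.space/ => https://mega.nz/file/JNVDUCiL#UTlRJGnQA02d5gkMIRPxavP9SFHlfE3SxKOpY0Jhza4

ACRStealer C2: 138.199.199.150
Amadey Botnet: 2265ca
Amadey C2: http://mi.huffproofs.com/kaWt2QXfpPueNM/index.php
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
AMADEY_ID_RE = re.compile(r"Amadey Botnet:\s*([0-9a-fA-F]+)")


def compute_hashes(data: bytes) -> dict:
    """Compute every algorithm the entry lists; hashlib knows all four names."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in LISTED_HASHES}


def verify_sample(data: bytes, listed: dict) -> dict:
    """Per-algorithm match result. Treat the file as unverified unless every
    value is True: one mismatch means this is not the sample the entry describes."""
    computed = compute_hashes(data)
    return {algo: computed[algo] == digest.lower() for algo, digest in listed.items()}


def extract_iocs(comment: str) -> dict:
    """Pull URLs, IPv4 addresses, hostnames and the Amadey botnet ID out of free text."""
    urls = URL_RE.findall(comment)
    ips = sorted({ip for ip in IPV4_RE.findall(comment)
                  if all(int(octet) <= 255 for octet in ip.split("."))})
    hosts = sorted({urlsplit(u).hostname for u in urls})
    match = AMADEY_ID_RE.search(comment)
    return {"urls": urls, "ipv4": ips, "hosts": hosts,
            "amadey_botnet": match.group(1) if match else None}


def defang(ioc: str) -> str:
    """Rewrite scheme and host so the indicator cannot be clicked by accident."""
    parts = urlsplit(ioc)
    if parts.scheme and parts.netloc:
        safe_host = parts.netloc.replace(".", "[.]")
        safe_scheme = parts.scheme.replace("http", "hxxp")
        return ioc.replace(f"{parts.scheme}://{parts.netloc}",
                           f"{safe_scheme}://{safe_host}", 1)
    return ioc.replace(".", "[.]")


if __name__ == "__main__":
    # Constructed stand-in for the downloaded file; a real run reads the inner
    # SETUP.zip from disk after unpacking the "infected" wrapper ZIP.
    sample = b"constructed placeholder, not the real SETUP.zip"
    results = verify_sample(sample, LISTED_HASHES)
    for algo, ok in results.items():
        print(f"{algo:8} {'match' if ok else 'MISMATCH'}")
    print("verified" if all(results.values()) else "NOT the listed sample; do not proceed")

    iocs = extract_iocs(IOC_COMMENT)
    for url in iocs["urls"]:
        print("url ", defang(url))
    for ip in iocs["ipv4"]:
        print("ip  ", defang(ip))
    print("amadey botnet id", iocs["amadey_botnet"])
```

Four digests are checked rather than just SHA256 because the listed values come from the page as text; a copy-paste error in one of them shows up as a single mismatch, whereas a wrong file fails all four.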
Intelligence


File Origin
# of uploads: 1
# of downloads: 164
Origin country: ES
Vendor Threat Intelligence

Verdict: Malicious
Score: 90.2%
Tags: downloader injection dropper

Verdict: Unknown
Threat level: n/a - 1.0/10
Confidence: 100%
Tags: expired-cert masquerade signed
Threat name: Win32.Trojan.Hijackloader
Status: Suspicious
First seen: 2025-11-01 17:52:41 UTC
File Type: Binary (Archive)
Extracted files: 544
AV detection: 18 of 23 (78.26%)
Threat level: 5/5

Result
Malware family: hijackloader
Score: 10/10
Tags: family:hijackloader discovery
Behaviour:
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  ACRStealer
    zip 4472995386bba315a57959fb727042bbdc54c186f20610d6073ee0d4329aaefc (this sample)

Delivery method: Distributed via web download

Comments