MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45531d4bf46478e0ecea14b28b5e7ac386f9646e8d4b73d1896430999c63f072. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ACRStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 45531d4bf46478e0ecea14b28b5e7ac386f9646e8d4b73d1896430999c63f072
SHA3-384 hash: 5d831a6d2bb4b1d2c151106542929333d16912df24cee1310187e7a85f2d01bb1f357d4195541f1a36f5c291ca582cfc
SHA1 hash: 42ae1cb93a23736f0c75cc86d49304cb4e2b629f
MD5 hash: d12ee8164b6fe2bec742238f2149b34d
humanhash: fix-social-bakerloo-echo
File name:(2) Free Download Files.zip
Download: download sample
Signature ACRStealer
Create hunting rule
File size:36'084'408 bytes
First seen:2025-12-10 20:13:01 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 786432:IqiF/FEBbUvnI4WvdqCVGXPY9XhQOsYseq79oxtOFCERPM4s:Iq49RI4WvwYdQ7Y66xiCUk4s
TLSH T11887233A9E2C84D0FB07E7F2C9EB855944EB162012D268AA7B2875094D6F6D0D733F47
TrID 46.6% (.SH3D) Sweet Home 3D Design (generic) (10500/1/3)
35.5% (.XPI) Mozilla Firefox browser extension (8000/1/1)
17.7% (.ZIP) ZIP compressed archive (4000/1)
Magika zip
Reporter aachum
Tags:78-40-193-126 ACRStealer RenPy RenPyLoader zip


Avatar
iamaachum
https://www.mediafire.com/file/exc2iipeo3zb9ib/Free+Download+Files.zip/file

ACRStealer C2: 78.40.193.126

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
ES ES
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/af64f803-6fb4-49f4-810c-4f5fd44822df/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6939d467bde6a3e5970fff6c
Tags:
n/a
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/45531d4bf46478e0ecea14b28b5e7ac386f9646e8d4b73d1896430999c63f072
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/45531d4bf46478e0ecea14b28b5e7ac386f9646e8d4b73d1896430999c63f072
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
File Type:
zip
First seen:
2025-12-10T11:18:00Z UTC
Last seen:
2025-12-11T06:30:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/45531d4bf46478e0ecea14b28b5e7ac386f9646e8d4b73d1896430999c63f072/results?tab=lookup
Score:
67%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/45531d4bf46478e0ecea14b28b5e7ac386f9646e8d4b73d1896430999c63f072
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ivjr2s7umr4ob3hkcsziwxt2yodpszdorvfxhumjmqyjthdd6bza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ACRStealer

zip 45531d4bf46478e0ecea14b28b5e7ac386f9646e8d4b73d1896430999c63f072

(this sample)

  
Link
https://tria.ge/251210-yga26a1lgp/behavioral1
  
Delivery method
Distributed via web download

Comments