MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59dd0595be88e40972ca3d6f73f5329110a69f54e579c4a2e065b4396d3aba8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ACRStealer


Vendor detections: 3



SHA256 hash: 59dd0595be88e40972ca3d6f73f5329110a69f54e579c4a2e065b4396d3aba8e
SHA3-384 hash: 093d952db80a42de2fea546923e61c98d6333a6f6219bbd5f5ddc18bd751f33e5e814a1bf00a0aa9977abf855445f393
SHA1 hash: 43beb9251c23485cf23f268efe2ba5776fd6564b
MD5 hash: 82c8da89c0ffa9ed0fa7f5011d7b3c39
humanhash: south-south-may-johnny
File name: i№st@113R ver.5.3__P@$$ 0153.rar
Signature: ACRStealer
File size: 6'321'582 bytes
First seen: 2025-08-04 20:28:39 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
Note: This file is a password protected archive. The password is: 0153
ssdeep: 98304:isBJ/700mp6KAgH3O2IDIbetZQsQujepBLC+rl7GPPnQcoGLeCVZH/7XtiYTU:is7Pli+LDIe+sQvpxXh+QconCPf7dDo
TLSH: T1EA5633F68E2F5F09325D3CD6D623BD35329CE53A2705D080AFAA8279A58DD60EB405CD
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1); 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: aachum
Tags: 89-23-107-212 ACRStealer HIjackLoader IDATLoader pw-0153 rar


iamaachum
https://fritteronscreen.top/?cl=4

ACRStealer C2: 89.23.107.212

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: ES
File Archive Information

This file archive contains 39 file(s), sorted by their relevance:

Vendor Threat Intelligence
Verdict: Malicious
Score: 70%
Tags: ransomware injection obfusc

Verdict: inconclusive
YARA: 1 match(es)
Tags: Rar Archive

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: NET
Author: malware-lu

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

Rule name: win_get2_a0
Author: Thomas Barabosch, Telekom Security

Rule name: win_samsam_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
