MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7
SHA3-384 hash: ec937110ed7849b4f2a97719f7655acea63b54dc01d07c9b1f5f3515daf70e371cde7c56c0ed10f303b74ec754bee353
SHA1 hash: 6016e9055f36c23bb8675f3af8ac44253bc4a780
MD5 hash: 6aed3f54678e704e8fe3e1550cb93200
humanhash: uncle-lamp-fourteen-delta
File name:5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7.dll
Download: download sample
File size:1'184'256 bytes
First seen:2025-12-23 08:07:09 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 3c733b5675643aad72c3f03ebfb1a5b6 (1 x ACRStealer)
ssdeep 24576:RZrS8ftqbYzaTG7p5SX6BrR/uNQHBfvELjdf960rsJGgbNG:RZr8KR9TANit8lsJ6
TLSH T1A7457C13FD41C0D1E4DA02F293FA1BF65C28522A37A944D795A42CE499608E3B73FB5E
TrID 32.2% (.EXE) Win64 Executable (generic) (10522/11/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4504/4/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter JAMESWT_WT
Tags:dll melasio-com

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45815/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694a4dc1a6c88bb4cc23e92d
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug hijackloader infostealer microsoft_visual_cc
Link:
https://www.filescan.io/uploads/694a4dbbe126b9ff438de173/reports/28364485-6eca-401d-8377-007342d24f71/overview
Verdict:
Suspicious
Labled as:
Infostealer/ACRStealer
Link:
https://www.hybrid-analysis.com/sample/5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7
Verdict:
Malicious
File Type:
dll x32
First seen:
2025-12-06T11:16:00Z UTC
Last seen:
2025-12-13T02:06:00Z UTC
Hits:
~10
Detections:
UDS:DangerousObject.Multi.Generic
Link:
https://opentip.kaspersky.com/5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7/results?tab=lookup
Gathering data
Score:
14%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/6aed3f54678e704e8fe3e1550cb93200
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7/
Verdict:
Malicious
Threat:
DangerousObject.Multi
Link:
https://tip.neiki.dev/file/5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ljowy2c3o467otpltwg5xgccyhcsjeaw2etazulzfbgetgdvfstq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/251223-jz7rhsynex/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Unpacked files
SH256 hash:
5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7
MD5 hash:
6aed3f54678e704e8fe3e1550cb93200
SHA1 hash:
6016e9055f36c23bb8675f3af8ac44253bc4a780
Link:
https://www.unpac.me/results/ae56c682-af1e-4d5e-9d7a-7fcd9c382f28/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5a5d6c685b773df74deb9d8ddb9842c1c5249016d1260cd179284c4998752ca7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/45815/

Comments