MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cb7fd54f66b99cc623bfc38f8aed37b87e36a59882ea770ce30c825bbbe754b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ACRStealer


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash: 6cb7fd54f66b99cc623bfc38f8aed37b87e36a59882ea770ce30c825bbbe754b
SHA3-384 hash: a1432f08141c22d9b1cbc9f1ac8840028fabc14404a3ea1945a30c3be1630053d1c07a891ecc7bef7dab43fd74bd6b27
SHA1 hash: 4485ba9c695d1d711f5c4fa8d9f255582c5969a9
MD5 hash: 62fbcb5eed035d28a3cd95bce4c81bdc
humanhash: robert-india-chicken-cola
File name:SETUP.zip
Download: download sample
Signature ACRStealer
File size:28'684'041 bytes
First seen:2026-07-05 02:49:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 786432:SnPIL9OBHBS1Rz9t0EZOWUietXPaVr0VYze8n5jZtzI:rAST4ie+0cei5ltI
TLSH T17C573328F8963A61EC4DC5B406B02DA403F06D76037B5BC42374746FA667FAE9B34A35
Magika zip
Reporter aachum
Tags:ACRStealer releases-cloudgateway-cc zip


Avatar
iamaachum
https://tcbvds.it.com/ => https://www.mediafire.com/file/udnaxp815dx5wwr/SETUP_FILE_(PASS_KEY=2113).zip/file

ACRStealer C2: https://releases.cloudgateway.cc/

Intelligence


File Origin
# of uploads :
1
# of downloads :
107
Origin country :
ES ES
Vendor Threat Intelligence
Verdict:
Malicious
Score:
90.9%
Tags:
shell sage hype
Verdict:
Malicious
File Type:
zip
First seen:
2026-07-04T21:47:00Z UTC
Last seen:
2026-07-05T03:46:00Z UTC
Hits:
~10
Gathering data
Gathering data
Threat name:
Win32.Trojan.Generic
Status:
Suspicious
First seen:
2026-07-05 02:38:02 UTC
AV detection:
7 of 38 (18.42%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PK_PUMP_AND_DUMP
Author:Will Metcalf @node5
Description:Walks Zip Central Directory filename entries looking for abused extension then checks for a file that's at least 25M and then check to see how much uncompressed size is vs compressed size

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ACRStealer

zip 6cb7fd54f66b99cc623bfc38f8aed37b87e36a59882ea770ce30c825bbbe754b

(this sample)

  
Delivery method
Distributed via web download

Comments