MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 742772656a8a6fc68159f9fdfb63168c518fdf16e11276880da5ab302841a5a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ACRStealer
Vendor detections: 7

SHA256 hash: 742772656a8a6fc68159f9fdfb63168c518fdf16e11276880da5ab302841a5a6
SHA3-384 hash: 388d73f661f5c01a35a02fa2e44da4f4553259dc6393af248c25e5a54a8ec018a12cd9498a5bfcc35bd4215e5bcb8a3b
SHA1 hash: e97dc109cc632af60dca7a980f1b6cc7139e16fe
MD5 hash: 81ee169ebf2faa4a67d991631f8ae571
humanhash: august-thirteen-bravo-happy
File name: Setup_1770108883467.zip
Signature: ACRStealer
File size: 38,405,931 bytes
First seen: 2026-02-03 15:00:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 786432:br9Ue8t2SvJWUip1e8Z8inUeQpUn2T6XTZazbKCxMJ3/gRQ:Vp+2Qtip1N/nPQUTYz+C2J3/T
TLSH: T18E8733DD947614E5C5763777E6B801A78A702A35EFC2AE39D56E90BA0FEC30213C8871
Magika: zip
Reporter: aachum
Tags: 146-103-109-239 ACRStealer dllHijack zip


iamaachum
https://disk.yandex.ru/d/MhfGbLmCmllNNg

ACRStealer C2: 146.103.109.239

Intelligence


File Origin
# of uploads: 1
# of downloads: 122
Origin country: ES
Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-02-03 17:11:41 UTC
File Type: Binary (Archive)
Extracted files: 551
AV detection: 4 of 24 (16.67%)
Threat level: 5/5

Result
Malware family: sectoprat
Score: 10/10
Tags: family:sectoprat discovery execution persistence rat spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
Executes dropped EXE
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Command and Scripting Interpreter: PowerShell
Reads user/profile data of local email clients
Badlisted process makes network request
SectopRAT
SectopRAT payload
Sectoprat family
Malware Config
Dropper Extraction:
http://194.150.220.218/4SLEYpfAk57hGubo/sapodilla
http://194.150.220.218/4SLEYpfAk57hGubo/froelichia
http://194.150.220.218/4SLEYpfAk57hGubo/malacca
Please note that we are no longer able to provide a coverage score for Virus Total.
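As an added example (not code from MalwareBazaar, the reporter, or any vendor listed above), the following Python turns the indicators on this page into two offline checks a responder would actually run: verifying a downloaded archive against every hash the entry lists before detonating it, and scanning proxy and firewall lines for the delivery link, the dropper host and the C2 address. The hash values, the C2 IP, the dropper URLs and the delivery link are copied from the entry; the log format, the log lines and the function names are assumptions made for the example. It generalises slightly beyond the page by treating the dropper server as a host-level indicator (any path on 194.150.220.218 is a hit) while matching the Yandex Disk link only as an exact URL, since that host is a shared service.

```python
"""Offline triage helpers built from the indicators in this MalwareBazaar entry.

Added example, not MalwareBazaar's own code. Hashes, the C2 address, the
dropper URLs and the delivery link are copied from the entry above; the log
format and the log lines are constructed for the example.
"""
import hashlib
import ipaddress
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Indicators taken from the entry on this page.
ENTRY_HASHES = {
    "md5": "81ee169ebf2faa4a67d991631f8ae571",
    "sha1": "e97dc109cc632af60dca7a980f1b6cc7139e16fe",
    "sha256": "742772656a8a6fc68159f9fdfb63168c518fdf16e11276880da5ab302841a5a6",
    "sha3_384": "388d73f661f5c01a35a02fa2e44da4f4553259dc6393af248c25e5a54a8ec018a12cd9498a5bfcc35bd4215e5bcb8a3b",
}
C2_IPS = {"146.103.109.239"}
DROPPER_URLS = {
    "http://194.150.220.218/4SLEYpfAk57hGubo/sapodilla",
    "http://194.150.220.218/4SLEYpfAk57hGubo/froelichia",
    "http://194.150.220.218/4SLEYpfAk57hGubo/malacca",
}
# The delivery link lives on a shared file-hosting service, so only the exact
# URL is an indicator; alerting on disk.yandex.ru as a host would flood a SOC
# with benign hits.
DELIVERY_URLS = {"https://disk.yandex.ru/d/MhfGbLmCmllNNg"}

URL_INDICATORS = DROPPER_URLS | DELIVERY_URLS
# Attacker-controlled hosts: any contact counts, whatever the path.
HOST_INDICATORS = C2_IPS | {urlparse(u).hostname for u in DROPPER_URLS}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Hash a sample with the same algorithms the entry lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ENTRY_HASHES}


def verify_sample(data: bytes, expected: Dict[str, str] = ENTRY_HASHES) -> Dict[str, bool]:
    """Per-algorithm match against the entry, so a single mismatch is visible.

    Run this on a freshly downloaded archive before detonating it: a file whose
    SHA256 matches but whose SHA3-384 does not is either a transcription error
    or something far more interesting, and both deserve a look.
    """
    actual = compute_hashes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def indicators_in_line(line: str) -> List[str]:
    """Return every indicator from the entry that appears in one log line."""
    found = set()
    for url in URL_RE.findall(line):
        if url in URL_INDICATORS:
            found.add(url)
        if urlparse(url).hostname in HOST_INDICATORS:
            found.add(urlparse(url).hostname)
    for token in IPV4_RE.findall(line):
        try:
            ipaddress.IPv4Address(token)  # drops non-addresses such as 999.1.2.3
        except ValueError:
            continue
        if token in HOST_INDICATORS:
            found.add(token)
    return sorted(found)


def scan_logs(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Return (line index, matched indicators) for every line that hits."""
    hits = []
    for idx, line in enumerate(lines):
        matched = indicators_in_line(line)
        if matched:
            hits.append((idx, matched))
    return hits


# Constructed proxy and firewall lines for the example; not from any real environment.
SAMPLE_LOG_LINES = [
    "2026-02-03T15:01:12Z proxy 10.0.0.7 GET https://disk.yandex.ru/d/MhfGbLmCmllNNg 200",
    "2026-02-03T15:02:30Z proxy 10.0.0.7 GET http://194.150.220.218/4SLEYpfAk57hGubo/sapodilla 200",
    "2026-02-03T15:02:31Z proxy 10.0.0.7 GET http://194.150.220.218/4SLEYpfAk57hGubo/other 404",
    "2026-02-03T15:03:05Z fw 10.0.0.7 -> 146.103.109.239 tcp allow",
    "2026-02-03T15:03:06Z fw 10.0.0.8 -> 146.103.109.2 tcp allow",
    "2026-02-03T15:04:00Z proxy 10.0.0.9 GET https://disk.yandex.ru/d/someothershare 200",
]

if __name__ == "__main__":
    for idx, matched in scan_logs(SAMPLE_LOG_LINES):
        print(f"line {idx}: {', '.join(matched)}")
    # The real archive is 38,405,931 bytes; placeholder bytes only show the flow.
    print(verify_sample(b"placeholder bytes, not the sample"))
```

The IPv4 match is word-bounded and validated, so an address such as 146.103.109.2 on the same /24 does not light up, and a lookalike token like 146.103.109.2390 is ignored; the host-level rule for the dropper server means the third line, a request for an unlisted path on 194.150.220.218, is still flagged.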

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: ACRStealer
Sample: zip 742772656a8a6fc68159f9fdfb63168c518fdf16e11276880da5ab302841a5a6 (this sample)

Delivery method
Distributed via web download

Comments