MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84de426c5c053e05a1128ba21e5664ee759cc4bc4983a3972e669bc6dff3023f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RustyStealer

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	84de426c5c053e05a1128ba21e5664ee759cc4bc4983a3972e669bc6dff3023f
SHA3-384 hash:	ecee53b6636cc26cf07ca37674b7250df9759c67a86d62ff7455cdd297bebbefcf061074a4d95cc79ed9076006d118c6
SHA1 hash:	53c5d7403ae8251d6cfe3182dc3cbfb73e21431e
MD5 hash:	3ec7f152d8675d758d8766a2356bf3a4
humanhash:	black-hamper-kansas-alpha
File name:	KhirBreaker V1.rar
Download:	download sample
Signature	RustyStealer Create hunting rule
File size:	43'707'147 bytes
First seen:	2026-03-16 13:19:31 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	786432:RtDsqQg1822eXJ0QwZeRfhUIyPPvVpvyQ6KjMWK+1EC/kI3iPVf:Rhn18XOeQ8eYNPdpKejM2iCciKf
TLSH	T15FA7334003CE37C05F69046D4BB50FE3CAE701CEB6EB991A5EEE435B7C86586581A6E3
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	burger
Tags:	rar RustyStealer

Intelligence

File Origin

# of uploads :

1

# of downloads :

82

Origin country :

NL

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/f848de72-80ad-473d-8e07-f9d4626e733d/

Verdict:

Malicious

Score:

81.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b803eb88c80c01586ac4b0

Tags:

infosteal java

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/84de426c5c053e05a1128ba21e5664ee759cc4bc4983a3972e669bc6dff3023f

Verdict:

Malicious

File Type:

rar

Link:

https://opentip.kaspersky.com/84de426c5c053e05a1128ba21e5664ee759cc4bc4983a3972e669bc6dff3023f/results?tab=lookup

Gathering data

Threat name:

Win32.Trojan.Kepavll

Status:

Malicious

First seen:

2026-03-16 13:20:25 UTC

File Type:

Binary (Archive)

Extracted files:

686

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qtpee3c4au7aliisrorb4vte5z2zzrf4jgb2hfzom2n4nx7tai7q._file

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery execution

Link:

https://tria.ge/reports/260316-rve5psbx4m/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/84de426c5c053e05a1128ba21e5664ee759cc4bc4983a3972e669bc6dff3023f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

rar 84de426c5c053e05a1128ba21e5664ee759cc4bc4983a3972e669bc6dff3023f

(this sample)

exe 5baa2eb4706b40736dc3e93858fadf0d15309186c598d4de8ecba25252cad4c9

Dropping

SHA256 5baa2eb4706b40736dc3e93858fadf0d15309186c598d4de8ecba25252cad4c9

Dropping

SHA256 73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa

Dropping

SHA256 ee46190acc18c749eb9411c477d7cb10cfd7be238f58a139bfb54174a7b821d2

Dropping

MD5 607e7182bd7d0571d9b65c6792a4ae80

Dropping

MD5 7b124ae536db5935de564c6bcc8db1b0

Dropping

MD5 21ddf38989052d7e577367980dfbe2f5

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample