MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8acfc35ce2d1e0ae44a9a322eccb42f82e8ffa0152ac19695442dca800367844. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RustyStealer


Vendor detections: 9



SHA256 hash: 8acfc35ce2d1e0ae44a9a322eccb42f82e8ffa0152ac19695442dca800367844
SHA3-384 hash: 2716999c03d0cb5dc90bcb1cdef491161b9a204c34e184ff39bc04bd44890e6a4f8ee7739c39ede45eaa9fcbcb51983f
SHA1 hash: 4ee2857c80f865c0d1b98299e09ef74d2090a025
MD5 hash: 064b24fe26d0b13ab66aec35042ad5d7
humanhash: oregon-washington-steak-item
File name: atlas_browser.exe
Signature: RustyStealer
File size: 89'654'632 bytes
First seen: 2025-10-28 16:52:42 UTC
Last seen: 2025-11-02 15:12:14 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 01a702faea615deb8afd2e16c4beb983 (2 x RustyStealer)
ssdeep: 1572864:TEy7PX7ibWr0L/k71lMoRB9ktxBpo3MhBGUhXRS4XSJB4Gn0fXt8wrE:Yy+Wr0L/kZzKxBi8hEUhBS4XOl0fXtu
Threatray: 1 similar samples on MalwareBazaar
TLSH: T167182347F1A612B4C12BC2B593165523EF72B458023A62BE92F887603F87B50D73FB95
TrID:
  48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
  23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
   9.3% (.EXE) OS/2 Executable (generic) (2029/13)
   9.2% (.EXE) Generic Win/DOS Executable (2002/3)
   9.2% (.EXE) DOS Executable Generic (2000/1)
Magika: pebin
Reporter: GDHJDSYDH1
Tags: anti-vm backdoor dropper exe RustyStealer spyware stealer
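Before feeding a downloaded copy of this sample to any tooling, confirm it is the file the entry describes: the four digests, the recorded size, and the PE machine type that "Executable exe" / "exe x64" refer to. The script below is an added example, not code from MalwareBazaar; it uses only the standard library, copies the hash values from the entry above, and, because the sample itself cannot be embedded here, demonstrates the PE parsing on a constructed 88-byte stub (a DOS header pointing at a bare PE signature and COFF header, not a real executable).

```python
"""Added example (not from the MalwareBazaar page): verify a downloaded file
against the digests, size and PE machine type recorded in this entry."""
import hashlib
import struct

# Values copied from the database entry above.
RECORDED = {
    "sha256": "8acfc35ce2d1e0ae44a9a322eccb42f82e8ffa0152ac19695442dca800367844",
    "sha3_384": "2716999c03d0cb5dc90bcb1cdef491161b9a204c34e184ff39bc04bd44890e6a"
                "4f8ee7739c39ede45eaa9fcbcb51983f",
    "sha1": "4ee2857c80f865c0d1b98299e09ef74d2090a025",
    "md5": "064b24fe26d0b13ab66aec35042ad5d7",
}
RECORDED_SIZE = 89_654_632  # "File size: 89'654'632 bytes"

# COFF Machine field values from the PE specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def compute_hashes(data: bytes) -> dict:
    """Return the four digests MalwareBazaar lists, as lowercase hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Map each algorithm name to True/False: does `data` match `expected`?"""
    actual = compute_hashes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def pe_machine(data: bytes):
    """Walk the DOS header (e_lfanew at offset 0x3C) to the 'PE\\0\\0' signature
    and return the COFF Machine field, or None if the layout is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def describe_machine(machine) -> str:
    """Translate the Machine field into the 'x86' / 'x64' wording vendors use."""
    return {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}.get(machine, "unknown")


def minimal_pe_stub(machine: int) -> bytes:
    """Constructed test input (not a runnable executable): a 64-byte DOS header
    whose e_lfanew points at a PE signature followed by a 20-byte COFF header."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0x22)
    return bytes(dos) + b"PE\0\0" + coff


def check_sample(path: str) -> dict:
    """Read a downloaded file and report whether it is this entry's sample."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "size_ok": len(data) == RECORDED_SIZE,
        "hashes": verify_hashes(data, RECORDED),
        "machine": describe_machine(pe_machine(data)),
    }


if __name__ == "__main__":
    import sys
    print(check_sample(sys.argv[1]))
```

Run it as `python verify_sample.py atlas_browser.exe` on the downloaded (still zipped-and-extracted in an isolated VM) file; every entry in `hashes` should be True, `size_ok` True and `machine` "x64" before you trust that you are looking at this sample. A mismatch on any one digest means you have a different file, whatever the name says.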

Intelligence

File Origin
# of uploads: 2
# of downloads: 214
Origin country: US

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: atlas_browser.exe
Verdict: Malicious activity
Analysis date: 2025-10-28 16:43:34 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Creating a window
  Searching for synchronization primitives
  Creating a file
  Creating synchronization primitives
  DNS request
  Connection attempt

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug anti-vm evasive fingerprint hacktool invalid-signature keylogger microsoft_visual_cc obfuscated packed packer_detected rust signed threat

Verdict: Clean
File Type: exe x64
First seen: 2025-10-27T18:49:00Z UTC
Last seen: 2025-10-28T12:21:00Z UTC
Hits: ~10
Verdict: Malicious
Threat: NetworkReferences.Malware.Generic

Result
Malware family: n/a
Score: 9/10
Tags: defense_evasion discovery persistence pyinstaller spyware stealer
Behaviour:
  Checks processor information in registry
  Runs ping.exe
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of FindShellTrayWindow
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Browser Information Discovery
  Detects Pyinstaller
  System Location Discovery: System Language Discovery
  System Network Configuration Discovery: Internet Connection Discovery
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Adds Run key to start application
  Checks installed software on the system
  Legitimate hosting services abused for malware hosting/C2
  Looks up external IP address via web service
  Checks BIOS information in registry
  Checks computer location settings
  Executes dropped EXE
  Loads dropped DLL
  Reads user/profile data of web browsers
  Looks for VMWare Tools registry key
  Enumerates VirtualBox DLL files
  Looks for VirtualBox Guest Additions in registry
  Looks for VirtualBox executables on disk

Verdict: Suspicious
Tags: n/a
YARA: n/a

Malware family: AuraStealer
Verdict: Malicious

Please note that we are no longer able to provide a coverage score for VirusTotal.
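The behaviour entries above ("Looks for VMWare Tools registry key", "Looks for VirtualBox Guest Additions in registry", "Enumerates VirtualBox DLL files", "Looks for VirtualBox executables on disk", "Checks BIOS information in registry", "Checks processor information in registry", "Adds Run key to start application") are what a sandbox derives from raw registry and file-system events. The script below is an added example, not code from MalwareBazaar or any of the vendors shown, of turning such events back into those behaviour labels and the coarse `anti-vm` / `discovery` / `persistence` tags. The event lines are constructed in a simple `type|process|target` format (they are not a capture from this sample), and the registry keys and file paths matched are the standard artifacts these checks look for, assumed here rather than taken from the page.

```python
"""Added example (not from MalwareBazaar or any vendor): classify sandbox
registry/file events into the behaviour labels listed for this entry."""
import re

# (behaviour label as it appears in the entry, event type, regex on the target).
# Paths are the well-known artifacts such checks use; assumed, not from the page.
INDICATORS = [
    ("Looks for VMWare Tools registry key", "reg",
     r"\\SOFTWARE\\(WOW6432Node\\)?VMware, Inc\.\\VMware Tools"),
    ("Looks for VirtualBox Guest Additions in registry", "reg",
     r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions"),
    ("Enumerates VirtualBox DLL files", "file",
     r"\\System32\\(VBoxHook|VBoxMRXNP|vboxdisp|vboxogl)\.dll$"),
    ("Looks for VirtualBox executables on disk", "file",
     r"\\System32\\(VBoxService|VBoxTray)\.exe$"),
    ("Checks BIOS information in registry", "reg",
     r"\\HARDWARE\\DESCRIPTION\\System\\BIOS"),
    ("Checks processor information in registry", "reg",
     r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\"),
    ("Adds Run key to start application", "reg_write",
     r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"),
]

# How the behaviour labels roll up into the tags vendors report.
TAG_FOR = {
    "Looks for VMWare Tools registry key": "anti-vm",
    "Looks for VirtualBox Guest Additions in registry": "anti-vm",
    "Enumerates VirtualBox DLL files": "anti-vm",
    "Looks for VirtualBox executables on disk": "anti-vm",
    "Checks BIOS information in registry": "discovery",
    "Checks processor information in registry": "discovery",
    "Adds Run key to start application": "persistence",
}

EVENT_RE = re.compile(r"^(?P<type>\w+)\|(?P<proc>[^|]+)\|(?P<target>.+)$")


def parse_event(line: str):
    """Parse 'type|process|target'; return None for a malformed line."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(lines) -> dict:
    """Return {behaviour label: [targets that triggered it]} over the events."""
    hits = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for label, etype, pattern in INDICATORS:
            if ev["type"] == etype and re.search(pattern, ev["target"], re.IGNORECASE):
                hits.setdefault(label, []).append(ev["target"])
    return hits


def tags_for(hits: dict) -> list:
    """Collapse behaviour hits into sorted coarse tags."""
    return sorted({TAG_FOR[label] for label in hits if label in TAG_FOR})


# Constructed events: not a capture of this sample, just the shapes the
# indicator table is meant to recognise, plus one benign read and one bad line.
SAMPLE_EVENTS = [
    r"reg|atlas_browser.exe|HKLM\SOFTWARE\VMware, Inc.\VMware Tools",
    r"reg|atlas_browser.exe|HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"file|atlas_browser.exe|C:\Windows\System32\VBoxHook.dll",
    r"file|atlas_browser.exe|C:\Windows\System32\VBoxService.exe",
    r"reg|atlas_browser.exe|HKLM\HARDWARE\DESCRIPTION\System\BIOS",
    r"reg|atlas_browser.exe|HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0",
    r"reg_write|atlas_browser.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
    r"reg|atlas_browser.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
    "this line is malformed and is skipped",
]

if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for label, targets in found.items():
        print(f"{label}: {targets}")
    print("tags:", tags_for(found))
```

The point of keeping the indicator table separate from the matcher is that the same loop runs over real sandbox exports once you write a `parse_event` for their format; the regexes are deliberately anchored on the tail of the path so that `WOW6432Node` and drive-letter differences do not cause misses. Note that a single read of the BIOS key is also normal for plenty of benign software; the behaviour becomes interesting in combination with the VirtualBox and VMware probes, which is why `tags_for` only labels the aggregate.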

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: RustyStealer
File: Executable exe 8acfc35ce2d1e0ae44a9a322eccb42f82e8ffa0152ac19695442dca800367844 (this sample)

Comments