MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8edbc1689fba83ce58f56bee6e7d9467da4903201311f2c4bc2df414c4fb3360. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ACRStealer


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8edbc1689fba83ce58f56bee6e7d9467da4903201311f2c4bc2df414c4fb3360
SHA3-384 hash: 0f69f439d4ead62795b82461048922d3b929f3c8006eec4436e88183b8e0e7156cd1b2e926b6b815589cb07e16aafefd
SHA1 hash: 700c0111459a5b37c317df49271ee90a8db35567
MD5 hash: a7af88e2982f51bf34e71e59f7ddc653
humanhash: mountain-six-mars-butter
File name:SETUP.zip
Download: download sample
Signature ACRStealer
Create hunting rule
File size:16'273'642 bytes
First seen:2026-06-09 14:31:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 393216:vO1QWANCLeYo/KPgB+rjan5Q/1NX41056GgUOe:vOuWA06SPC+in5Qf4108Ve
TLSH T142F6237AA85C3910F8DD8FFD988939EE83A35E5B6E161A8E7D536234FC573907C80940
TrID 66.6% (.XPI) Mozilla Firefox browser extension (8000/1/1)
33.3% (.ZIP) ZIP compressed archive (4000/1)
Magika zip
Reporter aachum
Tags:ACRStealer ko-logicbeacon-cc zip


Avatar
iamaachum
https://sdfdsdd.cfd/ => https://www.mediafire.com/file/axflli6v7r7eyf0/D0WNL0AD_SETUP_(PASS=1369).zip/file

ACRStealer C2: ko.logicbeacon.cc

Intelligence

File Origin
# of uploads :
1
# of downloads :
47
Origin country :
ES ES
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/83c9fe35-4880-42eb-afbe-75affdb2273b/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69c6f2b6aacb4c376b14d370
Tags:
n/a
Result
Verdict:
Malicious
File Type:
ZIP File - Malicious
Link:
https://app.docguard.net/8edbc1689fba83ce58f56bee6e7d9467da4903201311f2c4bc2df414c4fb3360/results/dashboard
Behaviour
SuspiciousEmbeddedObjects detected
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/8edbc1689fba83ce58f56bee6e7d9467da4903201311f2c4bc2df414c4fb3360
Verdict:
Malicious
File Type:
zip
First seen:
2026-06-09T13:27:00Z UTC
Last seen:
2026-06-09T13:31:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/8edbc1689fba83ce58f56bee6e7d9467da4903201311f2c4bc2df414c4fb3360/results?tab=lookup
Score:
1%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/8edbc1689fba83ce58f56bee6e7d9467da4903201311f2c4bc2df414c4fb3360
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8edbc1689fba83ce58f56bee6e7d9467da4903201311f2c4bc2df414c4fb3360/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-06-09 09:30:24 UTC
File Type:
Binary (Archive)
Extracted files:
662
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r3n4c2e7xkb44whvnpxg47mum7nesazacmi7frf4fx2bjrh3gnqa._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery execution persistence spyware stealer
Link:
https://tria.ge/reports/260609-rw53hscw4m/
Behaviour
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Browser Information Discovery
Enumerates physical storage devices
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
System Time Discovery
Checks installed software on the system
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses cryptocurrency files/wallets, possible credential harvesting
Reads user/profile data of local email clients
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8edbc1689fba83ce58f56bee6e7d9467da4903201311f2c4bc2df414c4fb3360

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ACRStealer

zip 8edbc1689fba83ce58f56bee6e7d9467da4903201311f2c4bc2df414c4fb3360

(this sample)

  
Link
https://tria.ge/260609-rl28wacs7n/behavioral2
  
Delivery method
Distributed via web download

Comments