MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93dfded0692b2bd345ebf6c869bf7261c563b5b3950141ff9c4e190011ff39d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ACRStealer


Vendor detections: 5



SHA256 hash: 93dfded0692b2bd345ebf6c869bf7261c563b5b3950141ff9c4e190011ff39d6
SHA3-384 hash: 3fbd68f59ae6ab937dec608f2accee1f301841b53674da2dc8914da2b826899e7fa08debad5aed2bf235c6437068656f
SHA1 hash: 06e43f6a6a70566491305a986296a6631bca5611
MD5 hash: c7dd3f7ce0d5e1a7b7b5a52693754acd
humanhash: wisconsin-golf-mike-skylark
File name: Main Setup.zip
Signature: ACRStealer
File size: 18'627'271 bytes
First seen: 2026-03-31 12:37:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 393216:OqjTQroB7jvXNGpOpUQShH8P8gK9H0zuVzRr0GkqPJ1MGVqFH:OqYUB7T9GphQSh80gKeyjomMHH
TLSH T136173308A5A3C9E82D509E37C861DE49EF9D5C20D5C6894AA13CF5E72F307CA9EC4DC9
Magika: zip
Reporter: aachum
Tags: ACRStealer dllHijack foot-trxzidan-icu zip


iamaachum
https://fhdgjrtks.it.com/ => https://getshared.com/dashboard/s/YXyV6nVki2Bx

ACRStealer C2: foot.trxzidan.icu

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: ES
File Archive Information

This file archive contains 30 file(s), sorted by their relevance:

File name:Setup.exe
File size:103'256 bytes
SHA256 hash: 77ea95dad0fa04ee7501d18779e6bde0c0589874950d5758434aa2472e2daecf
MD5 hash: 60f58704caab852bc6ba7ef099562433
MIME type:application/x-dosexec
Signature ACRStealer
File name:qsvg4.dll
File size:24'576 bytes
SHA256 hash: 6e31a5592490e39c46bf379dceabe57219a246510367b8cff52f080ad5ac8dd9
MD5 hash: 6c73095e7a27dd9e45e15e5e9a852aa7
MIME type:application/x-dosexec
Signature ACRStealer
File name:QtGui4.dll
File size:3'964'928 bytes
SHA256 hash: 4e17c4962c29061c66300d5acf19e8fda28609f1eb69df8d2ffa2b69687895cd
MD5 hash: 003b7f5efa14c014ef8c66986fece1f6
MIME type:application/x-dosexec
Signature ACRStealer
File name:qtiff4.dll
File size:249'856 bytes
SHA256 hash: 7ca868368b685167d90316b7f8c6b5f7c90eef8c08f3176bfa23d0ce7a298692
MD5 hash: 011e3fb1a74e1654970b530c9f3585f1
MIME type:application/x-dosexec
Signature ACRStealer
File name:libspp.dll
File size:2'686'976 bytes
SHA256 hash: 4c74aaf581544ba9d7eea9826093f318be0f0375b6ede837e69a102dd2f4838a
MD5 hash: b9bace4ec8532f067ee5a013cb0365b2
MIME type:application/x-dosexec
Signature ACRStealer
File name:QtCore4.dll
File size:1'028'096 bytes
SHA256 hash: 2bb0d6fff88427e34c7d0d29e97443fe9826c42ce2aa0269f024b23d9e9ea22a
MD5 hash: 96213755b33c017492437ca934987207
MIME type:application/x-dosexec
Signature ACRStealer
File name:qtmultimedia_m3u.dll
File size:33'776 bytes
SHA256 hash: cef01eebd145171f52b1b106312965f1dfa26371315832d4e51588ec26d20889
MD5 hash: dc9a8e4b5f5e2bee66da09da2ecd9310
MIME type:application/x-dosexec
Signature ACRStealer
File name:sppinst.exe
File size:32'768 bytes
SHA256 hash: 5ff841292d504e87649137b2bc8f6c3491ad5ddef2cf9a29e802bce117707f73
MD5 hash: 7405664128a2e03f9f0932e484c3fb10
MIME type:application/x-dosexec
Signature ACRStealer
File name:syncbreeze_manual.pdf
File size:4'551'113 bytes
SHA256 hash: 95d19bb6f66d551fdf8b9b640475c2288e4ad1b45f82ade8e599e1426cec305f
MD5 hash: cbbbc414dd0ad1f3d756193eb95d0570
MIME type:application/pdf
Signature ACRStealer
File name:libsbg.dll
File size:798'720 bytes
SHA256 hash: 3269b49f3e2dda062057ce8d6d77a7d2b793ea46aee839446b64a8fd437aaf18
MD5 hash: 48a1e30e8c4f5cd39ea341343a5d044c
MIME type:application/x-dosexec
Signature ACRStealer
File name:qwindowsvistastyle.dll
File size:144'368 bytes
SHA256 hash: d9b21182952682fe7ba63af1df24e23ace592c35b3f31eceef9f0eabeb5881b9
MD5 hash: 53a85f51054b7d58d8ad7c36975acb96
MIME type:application/x-dosexec
Signature ACRStealer
File name:qmng4.dll
File size:192'512 bytes
SHA256 hash: 06f966e4f069d797dd0e629f7874fd8f11d9accedc9f5e68d4d81f3cee023a29
MD5 hash: d5ae01409e4f9e54b39ad6ea1d8c2dd4
MIME type:application/x-dosexec
Signature ACRStealer
File name:libsync.dll
File size:872'448 bytes
SHA256 hash: eea8f742c94ca9e37734b9d05371006f0a6dd8c23271b385406a94597f2533d6
MD5 hash: fb072517d833c52934dac1a97b8728c5
MIME type:application/x-dosexec
Signature ACRStealer
File name:ssleay32.dll
File size:361'472 bytes
SHA256 hash: 768364a31da1443fd50c88c09686351384064455398c47e261724622832a0182
MD5 hash: 13ef5e2041082eb3b3db887cc427cfb6
MIME type:application/x-dosexec
Signature ACRStealer
File name:Qt5Multimedia.dll
File size:746'480 bytes
SHA256 hash: 1a59ae2a9ff768ad6bfb888fe3dd2544e238f0b28da83cf375ebd803ce713dc4
MD5 hash: 01df79071f9da0b9b7bda3db7fdc8809
MIME type:application/x-dosexec
Signature ACRStealer
File name:Qt5Gui.dll
File size:7'035'512 bytes
SHA256 hash: 0323c7fbd9a579f339b597b3e5f5b6e02814ae594f7fbc0cdd1786a5a32551ac
MD5 hash: 6d50542785d7962382c3756cd85ca12c
MIME type:application/x-dosexec
Signature ACRStealer
File name:libpal.dll
File size:1'097'728 bytes
SHA256 hash: 106ac038e1b30c7de19100ae9026217a5dec14f14a43f4012aed8fee1eeda858
MD5 hash: baadffff5cc10c3b62507078f08462ec
MIME type:application/x-dosexec
Signature ACRStealer
File name:vcruntime140.dll
File size:90'192 bytes
SHA256 hash: bf33857f46e56ea7930c1eea25c5f7175a6aaa3df36bf8301a785e6ca726a0b9
MD5 hash: c33386a6e67be415a24d9c431ffd42ac
MIME type:application/x-dosexec
Signature ACRStealer
File name:libspg.dll
File size:3'280'896 bytes
SHA256 hash: 1da905d5799176c8044b71ee2e17f27dd731ea70d49eb5a767a077fcfc89b780
MD5 hash: 73d8c7747cfaa926eab24e81af0aa8e7
MIME type:application/x-dosexec
Signature ACRStealer
File name:qjpeg4.dll
File size:102'400 bytes
SHA256 hash: bc82e8fe15670ada26d4f684d3cbe5f33901284bc366047722de8b7f62996a46
MD5 hash: 3d20fa8dd933c76ed5cc48544219099f
MIME type:application/x-dosexec
Signature ACRStealer
File name:libEGL.dll
File size:25'072 bytes
SHA256 hash: 32092de077fd57b6ef355705ec46c6d21f6d72fbe3d3a5dd628f2a29185a96fa
MD5 hash: bb00ef1dd81296af10fdfa673b4d1397
MIME type:application/x-dosexec
Signature ACRStealer
File name:syncbr.flx
File size:1'116 bytes
SHA256 hash: a25f67dbc854594eb23a46d5daf3aeab9a64d4104a0df4388330793c430c7d5b
MD5 hash: 303733ef9e17cb9f973bc00a9eba2118
MIME type:application/octet-stream
Signature ACRStealer
File name:qgif4.dll
File size:28'672 bytes
SHA256 hash: fe8b67e424dafce5b6a2b8334d22f3b24126b957fce1d4c6e911b3f564161ba1
MD5 hash: 89ef1053c08539e7157ce24246a59200
MIME type:application/x-dosexec
Signature ACRStealer
File name:resources.pri
File size:2'000 bytes
SHA256 hash: 7829390216999b02439a05a931d2f3224277cadd4e6d8caec63ddd8773e27db8
MD5 hash: 896806ee914e6181946be2fbdeef6233
MIME type:application/octet-stream
Signature ACRStealer
File name:libeay32.dll
File size:1'672'704 bytes
SHA256 hash: da61add5c3e5be5e4f952f8cd1b034708646efee55e8153f01dae5e1a1bc79e7
MD5 hash: e56a78ead953b3f5492cea9537d964c4
MIME type:application/x-dosexec
Signature ACRStealer
File name:libcrypto-3.dll
File size:3'507'568 bytes
SHA256 hash: d86d229f944d8a12a19405b95e99a6c5a3fd5ed245ff62470ed91fa613b48add
MD5 hash: 4a696daf28f5eaf655d029179cbe0726
MIME type:application/x-dosexec
Signature ACRStealer
File name:syncbr.exe.manifest
File size:626 bytes
SHA256 hash: fdd57e3c7bce38a73da52a578616db500e56d866e7f8418e26df2246adee636f
MD5 hash: e07551d5a8cce2e4623b66a48ed96bff
MIME type:text/xml
Signature ACRStealer
File name:Qt5Core.dll
File size:6'031'480 bytes
SHA256 hash: 60b21a618c7f4ee015b8060dd8a64e9fb39c5167ff369eba8aeaaa29290c3485
MD5 hash: b2b77282c8f09de9c77bd486a94a1676
MIME type:application/x-dosexec
Signature ACRStealer
File name:syncbr.exe
File size:557'056 bytes
SHA256 hash: e5faa18adf6cf270509a7551429c6c8fb860668cf8ca0f4ec72878a8dbd0c95e
MD5 hash: ddbd9c2f6f2085bc3d8964f67c61647f
MIME type:application/x-dosexec
Signature ACRStealer
File name:python315.dll
File size:4'017'664 bytes
SHA256 hash: 35dbae3e220f782f3014dcbf35f5a4ecdec87fe727371739e3798624043f8413
MD5 hash: 0664c83d26c7a70b14b63e56328de1b7
MIME type:application/x-dosexec
Signature ACRStealer
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Adware.RedCap
Status: Malicious
First seen: 2026-03-31 12:38:44 UTC
File Type: Binary (Archive)
Extracted files: 403
AV detection: 11 of 36 (30.56%)
Threat level: 1/5

Result
Malware family: n/a
Score: 5/10
Tags: discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Armadillov1xxv2xx
Author:malware-lu
Rule name:BLOWFISH_Constants
Author:phoul (@phoul)
Description:Look for Blowfish constants
Rule name:CAS_Malware_Hunting
Author:Michael Reinprecht
Description:DEMO CAS YARA Rules for sample2.exe
Rule name:Check_OutputDebugStringA_iat
Rule name:cobalt_strike_tmp01925d3f
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__ConsoleCtrl
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:Detect_PowerShell_Obfuscation
Author:daniyyell
Description:Detects obfuscated PowerShell commands commonly used in malicious scripts.
Rule name:FreddyBearDropper
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:ldpreload
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:MD5_Constants
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:pe_detect_tls_callbacks
Rule name:PE_Digital_Certificate
Author:albertzsigovits
Rule name:RANSOMWARE
Author:ToroGuitar
Rule name:RIPEMD160_Constants
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:SUSP_Websites
Author:SECUINFRA Falcon Team
Description:Detects the reference of suspicious sites that might be used to download further malware
Rule name:telebot_framework
Author:vietdx.mb
Rule name:test_Malaysia
Author:rectifyq
Description:Detects file containing malaysia string
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
Rule name:VECT_Ransomware
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:WHIRLPOOL_Constants
Author:phoul (@phoul)
Description:Look for WhirlPool constants
Rule name:without_attachments
Author:Antonio Sanchez <asanchez@hispasec.com>
Description:Rule to detect the no presence of any attachment
Reference:http://laboratorio.blogs.hispasec.com/
Rule name:with_urls
Author:Antonio Sanchez <asanchez@hispasec.com>
Description:Rule to detect the presence of an or several urls
Reference:http://laboratorio.blogs.hispasec.com/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ACRStealer

zip 93dfded0692b2bd345ebf6c869bf7261c563b5b3950141ff9c4e190011ff39d6

(this sample)

  
Delivery method
Distributed via web download

Comments