MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99c08205b30f670a43a2c50de4bfb1956daaee5aa3e291843fcc82d8e121cfb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ACRStealer


Vendor detections: 6



SHA256 hash: 99c08205b30f670a43a2c50de4bfb1956daaee5aa3e291843fcc82d8e121cfb5
SHA3-384 hash: 088ac233b7382370a0ce4152653c113d9167f3511c318bba668fe02092b4d770123e0b834ceb85c23e0a7f20d986b285
SHA1 hash: 66aaad45e747d48a6e4043d884e02bc12231ac3e
MD5 hash: bf3231c84eb50b2b48ab77028de023c9
humanhash: avocado-green-coffee-beer
File name: Main Setup.zip
Signature: ACRStealer
File size: 41'054'699 bytes
First seen: 2026-05-13 02:05:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 786432:tU+nUtjIUFvkv82jT/MxoqEo9WZVkD97hbs/j09M:tDUpFvkv1EGqsZa9wjOM
TLSH: T177973385F86DB5A2C3F9E8B47E58652BE220E3B8E1FAA9071D74B11484E33D15700F5B
TrID: 66.6% (.XPI) Mozilla Firefox browser extension (8000/1/1); 33.3% (.ZIP) ZIP compressed archive (4000/1)
Magika: zip
Reporter: aachum
Tags: ACRStealer, bitajaxcloud-icu, HIjackLoader, IDATLoader, zip


iamaachum
https://wdnvffur.it.com/ => https://www.mediafire.com/file/vwn3cjsmt4spg2f/D0WNL0AD_SETUP_FILE(KEY_2234).zip/file

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: ES
Vendor Threat Intelligence
Verdict: Malicious
File Type: zip
First seen: 2026-05-13T08:06:00Z UTC
Last seen: 2026-05-14T22:04:00Z UTC
Hits: ~10

Threat name: Win32.Trojan.Malgent
Status: Malicious
First seen: 2026-05-13 05:49:22 UTC
AV detection: 16 of 24 (66.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Diagram nodes: Web download; ACRStealer; zip 99c08205b30f670a43a2c50de4bfb1956daaee5aa3e291843fcc82d8e121cfb5 (this sample)

Delivery method: Distributed via web download
