MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1ff279baaca4a94f6bdc31ead4a2c41c802855961a55a996148634df1ea9cbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ACRStealer


Vendor detections: 4



SHA256 hash: a1ff279baaca4a94f6bdc31ead4a2c41c802855961a55a996148634df1ea9cbf
SHA3-384 hash: c95e874a44b87a9de6f62b938cc4ae93d820b7dcb1fc050b74042698603d65cfe134b47aeee8e287b735654488bb27bb
SHA1 hash: d4ae22c2aa3e6fb4a297080089de6bc1a24ffb76
MD5 hash: 7a5a5ab8f88e251c5de3b827d5c44272
humanhash: helium-burger-bakerloo-enemy
File name: SETUP.zip
Signature: ACRStealer
File size: 24'909'227 bytes
First seen: 2026-02-03 14:52:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 393216:RmhpJHNrOvea1J+8y1zORkaTBoX43YnqfR+Q44jJ/gbr4jso1okx0eUijRbAb1mP:RmDJHNrkp1JXiz3a1oX43YKRt5jso175
TLSH: T1B047331CAE627C14E22B1BBEA8B9BB1087F34257612CC755125618934AEF77503C27EF
Magika: zip
Reporter: aachum
Tags: 144-124-241-194 ACRStealer dllHijack zip


iamaachum
https://trdjfvncw.pro/ => https://mega.nz/file/y0RUXZxK#kEWWoWzAD8ojKxYCl36yuiV0AmFYhEC1BziZK81mphU

ACRStealer C2: 144.124.241.194

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: ES
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Malware family: n/a
Score: 5/10
Tags: execution
Behaviour: Command and Scripting Interpreter: JavaScript
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Sample: zip a1ff279baaca4a94f6bdc31ead4a2c41c802855961a55a996148634df1ea9cbf (this sample)
Signature: ACRStealer
Delivery method: Distributed via web download
