MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3893ffeb9cbe7a90befabb31d04cf786f51a977f08d17f3f61dfb24af52dccb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ACRStealer

Vendor detections: 4

Intelligence 4 IOCs YARA 1 File information Comments

SHA256 hash:	a3893ffeb9cbe7a90befabb31d04cf786f51a977f08d17f3f61dfb24af52dccb
SHA3-384 hash:	649616c082f19a61dd5596b825840dcacdd88eb932e999006714c6d08e702818a34c975b778f3a776b46bea531759176
SHA1 hash:	87217b85ee58a16e2f1bd7ebe9c713cc33781ef3
MD5 hash:	6a024ea0be03ed249862bd3fd319d3b6
humanhash:	sweet-gee-lima-thirteen
File name:	𝒮𝑒𝓉𝓊𝓅_Pa$$CŌ𝔻e--0708__$&!#.7z
Download:	download sample
Signature	ACRStealer Create hunting rule
File size:	11'478'202 bytes
First seen:	2025-05-24 16:37:00 UTC
Last seen:	Never
File type:	7z
MIME type:	application/x-7z-compressed
Note:	This file is a password protected archive. The password is: 0708
ssdeep	196608:czT11Fytc3XNnjRujD8jJJJPaPmqiBeNDHoo58BB2JBW8Fwj54w:cFy2pjRu/8bVsmqjN758BB2JBDO5t
TLSH	T124C6330F208D5B488A91CD0CD730DAA079715AEB93668E2734387766BA309D97F5B7C3
TrID	57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1) 42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika	sevenzip
Reporter	aachum
Tags:	7z ACRStealer file-pumped pw-0708

iamaachum

https://wfrt.one/?7GlfCdA4L0w9yUVWRPnzSuB6rOxoMZ5JEbsFj1em=XV8TeZU1Cx2vAGDmF9HohqL0fRa6wJd3OKuIciQpjPk=SJzH86gmoLQF52lGTypDK0eWn1MdNXVrkRCsuwPtZbhivfY&h=85 => https://mega.nz/file/v0ZmTJJD#tF1sFSu8VhUps7ND1bmfFMrq-XbxvVrckR78AtBOrqM

Intelligence

File Origin

# of uploads :

# of downloads :

110

Origin country :

File Archive Information

This file is a password protected archive. The password is: 0708

This file archive contains 1 file(s), sorted by their relevance:

File name:	SETUP.tar
File size:	754'135'040 bytes
SHA256 hash:	587ef12a63fc580b51b8e9835e16628207f24522cd6536db837f7c60bc837933
MD5 hash:	d83a83e438be1c8219d437d3b2469390
MIME type:	application/x-tar
Signature	ACRStealer

Vendor Threat Intelligence

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6809f3a6a37ff28e129911b6

Tags:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a3893ffeb9cbe7a90befabb31d04cf786f51a977f08d17f3f61dfb24af52dccb/

Threat name:

Binary.Trojan.Generic

Status:

Suspicious

First seen:

2025-05-24 16:37:33 UTC

File Type:

Binary (Archive)

AV detection:

3 of 24 (12.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uoet77vzzpt2sc7pvozr2bgppbxvdklx6cgrp47wdx5sjl2s3tfq._file

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/250524-xzhpaaxtgs/

Behaviour

Suspicious behavior: EnumeratesProcesses

Program crash

System Location Discovery: System Language Discovery

Suspicious use of NtSetInformationThreadHideFromDebugger

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a3893ffeb9cbe7a90befabb31d04cf786f51a977f08d17f3f61dfb24af52dccb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)