MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5a8d8365fd4e5ec13f60ae47ea34c3a1606630c2d7f4a3a3085211d0fe9e913. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ACRStealer


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a5a8d8365fd4e5ec13f60ae47ea34c3a1606630c2d7f4a3a3085211d0fe9e913
SHA3-384 hash: 127ce8698158a81f13639a5d8a6d86a89c5a753d30db36fc324e54924b8f2f949d49ada56d2c849a38b9fbe482f6aca4
SHA1 hash: 496b90159301312812d9a976d2d521a0401d8ffd
MD5 hash: 8b28c7017e1350c0128b629ae9fcd81a
humanhash: idaho-nuts-high-muppet
File name:Main Setup.zip
Download: download sample
Signature ACRStealer
Create hunting rule
File size:25'905'533 bytes
First seen:2026-03-08 17:55:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 786432:mBkhIBOzRuFmtlXtDOrsjcFR6O3mkdAFlc:nNuElX/ER6O3mkdl
TLSH T1714733E29C58D04EE667B8B2958BC29C204BE8D6C075845F41CDAB4D3ECD8D50FA778E
Magika zip
Reporter aachum
Tags:46-149-72-226 ACRStealer dllHijack zip


Avatar
iamaachum
https://iksdvnutr.it.com/ => https://mega.nz/file/LzZgQbxS#fbIqruVi9ViJ77VauA1lsBJusWzffROxEsvvRsFW5nc

ACRStealer C2: 46.149.72.226

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
ES ES
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/d32ceef3-484c-4bf9-9c91-944472606cd2/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69ac2a93e41a5a0999307eed
Tags:
vmdetect
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/a5a8d8365fd4e5ec13f60ae47ea34c3a1606630c2d7f4a3a3085211d0fe9e913
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/a5a8d8365fd4e5ec13f60ae47ea34c3a1606630c2d7f4a3a3085211d0fe9e913
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
File Type:
zip
Link:
https://opentip.kaspersky.com/a5a8d8365fd4e5ec13f60ae47ea34c3a1606630c2d7f4a3a3085211d0fe9e913/results?tab=lookup
Score:
35%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/a5a8d8365fd4e5ec13f60ae47ea34c3a1606630c2d7f4a3a3085211d0fe9e913
Gathering data
Gathering data
Threat name:
Win32.Trojan.Amatera
Create hunting rule
Status:
Malicious
First seen:
2026-03-08 16:18:39 UTC
File Type:
Binary (Archive)
Extracted files:
660
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uwunqns72ts6ye7wblsh5i2mhilamyymfv7uuorqquqr2d7j5ejq._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
discovery
Link:
https://tria.ge/reports/260308-xetk2sbx41/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a5a8d8365fd4e5ec13f60ae47ea34c3a1606630c2d7f4a3a3085211d0fe9e913

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ACRStealer

zip a5a8d8365fd4e5ec13f60ae47ea34c3a1606630c2d7f4a3a3085211d0fe9e913

(this sample)

ACRStealer

DLL dll c4627fbcce87136d2ec6fdb876b8c4496d7f25411d2c24860ba1ec0f8f39e916

  
Link
https://tria.ge/260308-v87nnaex8p/behavioral2
  
Delivery method
Distributed via web download
  
Dropping
SHA256 c4627fbcce87136d2ec6fdb876b8c4496d7f25411d2c24860ba1ec0f8f39e916
  
Dropping
MD5 a5c21df47e82d2fbe8b2976e1a597ca6

Comments