MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b507a520aa71494c3ef280ea994dfc7f028e14ef08c9d844d2deb8ebd4e007a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ACRStealer


Vendor detections: 7



SHA256 hash: b507a520aa71494c3ef280ea994dfc7f028e14ef08c9d844d2deb8ebd4e007a0
SHA3-384 hash: 8ea0b2d41d0f16dd27b9a57043579507e57c39a61c77d48149ab9e56fb82c1ef2aea8dc43e6f1e561856072201eb07f2
SHA1 hash: 70ef983b057d1597ae9e182248810fb410fcb4da
MD5 hash: 2a7a6e5c0e058381173f9e9fb1628349
humanhash: utah-washington-colorado-social
File name: SETUP.zip
Signature: ACRStealer
File size: 20'102'991 bytes
First seen: 2026-05-28 23:25:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 393216:VWUs68Y1PVj482ftfRjK21junNKVk7Huj+QO+JDtesYifgd53H:VWE8Y1PV482lZj/1j8NKVkLuj+QO+9tm
TLSH: T16717336168BD3920F4DD8FFD254539DE82A72DA77A2A15C6BC63A630FD833A17CD0940
TrID: 66.6% (.XPI) Mozilla Firefox browser extension (8000/1/1)
      33.3% (.ZIP) ZIP compressed archive (4000/1)
Magika: zip
Reporter: aachum
Tags: ACRStealer file-pumped lopp-hitnoop-cc zip


iamaachum
https://sdfdsdd.cfd/ => https://www.mediafire.com/file/urol761hgoiiqxp/SETUP_FILE_(PASS_KEY=1408).zip/file

ACRStealer C2: lopp.hitnoop.cc

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: ES
Vendor Threat Intelligence
Verdict: Malicious
Score: 70%
Tags: infosteal
Result
Verdict: Malicious
File Type: ZIP File - Malicious
Behaviour: SuspiciousEmbeddedObjects detected
Verdict: Malicious
File Type: zip
First seen: 2026-05-29T08:15:00Z UTC
Last seen: 2026-05-29T08:24:00Z UTC
Hits: ~10
Threat name: Win64.Trojan.Malgent
Status: Malicious
First seen: 2026-05-28 23:26:46 UTC
File Type: Binary (Archive)
Extracted files: 1304
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ACRStealer

zip b507a520aa71494c3ef280ea994dfc7f028e14ef08c9d844d2deb8ebd4e007a0

(this sample)

  
Delivery method: Distributed via web download
