MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b655879cdaf44de932a104e3be39d2725e433d6106ccf5e39da1f87590a87e06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: RustyStealer
Vendor detections: 6

SHA256 hash: b655879cdaf44de932a104e3be39d2725e433d6106ccf5e39da1f87590a87e06
SHA3-384 hash: 9821772041d3425891ed54bedb92b2f54d6748c62c10a55905a102a90998e6770a965d8c2744ee781c33ecd21f6abc05
SHA1 hash: 346dc0617688f01650adeaddfe8554242c88eb23
MD5 hash: aa3d369178a71fa4deedd64cfa5ceba1
humanhash: king-georgia-nitrogen-washington
File name: autocad2024.zip
Signature: RustyStealer
File size: 185'126 bytes
First seen: 2026-02-04 02:04:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: infected
ssdeep: 3072:bE3IJhDCFxke8yd6EESpB8GB3+ulF/QxZqhwN/sfdmwzeDxvOtDP+:by+Q98yLESf8GZTF/2oy/lwCtK6
TLSH: T143042317FDAB46F16ED612BA105827C1F32CD021F74A536C00A7537A38A5D5CF2E94B9
Magika: zip
Reporter: hunter_huang
Tags: RustyStealer

Intelligence

File Origin
# of uploads: 1
# of downloads: 42
Origin country: VN

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: autocad2024.exe
File size: 412'160 bytes
SHA256 hash: a22a259b0636b28c9a55c7f66f0147481ddae19786452e8bef72effb364347f8
MD5 hash: 6ee4de902ff9f7c07c9a3336682bc15a
MIME type: application/x-dosexec
Signature: RustyStealer
Vendor Threat Intelligence

Verdict: Malicious
Score: 99.9%
Tags: riskware autorun virus sage

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug anti-vm cobaltstrike fingerprint rust stealer

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict: inconclusive
YARA: 3 match(es)
Tags: Executable, PDB Path, PE (Portable Executable), PE File Layout, Zip Archive

Result
Malware family: n/a
Score: 7/10
Tags: execution persistence
Behaviour:
  Scheduled Task/Job: Scheduled Task
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Uses Task Scheduler COM API
  Drops file in Windows directory
  Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments