MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b68784056647ffcfefcb70ca44321b782930f91feed10033e5d48197368804a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ACRStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b68784056647ffcfefcb70ca44321b782930f91feed10033e5d48197368804a9
SHA3-384 hash: 7525c925b9902f1f6caf6eeb10dbccb9ffbce3eb5c48c6127b52a1efe59883a78e7d392f3dcb10ef305f7512f95a6230
SHA1 hash: c76e3c4b6efbb0d92f39b9a89cdd56d8cd0a46e3
MD5 hash: 7ec3ac5da9b47fb3d1f3b7543d49488f
humanhash: october-minnesota-whiskey-don
File name:Main Setup.zip
Download: download sample
Signature ACRStealer
Create hunting rule
File size:28'559'029 bytes
First seen:2026-03-17 19:55:12 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 786432:jKp/8/2Ahg5LGIlt/jsvSmx8RsucEj6m6Htt2GgGb:jKSeq2sJ8/QNzHb
TLSH T10C573374CA09E874E1B1FE7F90871626C9B0B30552783E46529832A54CEF2DBCF5477A
Magika zip
Reporter aachum
Tags:147-45-67-141 78-153-150-52 ACRStealer dllHijack zip


Avatar
iamaachum
https://iergfyelw.it.com/ => https://1drv.ms/u/c/6924206cee4a06ef/IQAqxM53TJnkRI86rSxCkcQdAVg61DGirAM6bGAqKf4TSdo?e=Ch8h1B

ACRStealer C2: 78.153.150.52:443
Dead drop resolver for ACRStealer: https://telegra.ph/Atkins-03-12
Unknown loader C2: 147.45.67.141:443

Intelligence

File Origin
# of uploads :
1
# of downloads :
53
Origin country :
ES ES
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/07183867-3295-4e37-856c-944b9d98a2a3/
Verdict:
Suspicious
Score:
50%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b9b1ce88c80c01586b5fe4
Tags:
infosteal
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/b68784056647ffcfefcb70ca44321b782930f91feed10033e5d48197368804a9
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/b68784056647ffcfefcb70ca44321b782930f91feed10033e5d48197368804a9
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
File Type:
zip
Link:
https://opentip.kaspersky.com/b68784056647ffcfefcb70ca44321b782930f91feed10033e5d48197368804a9/results?tab=lookup
Score:
10%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/b68784056647ffcfefcb70ca44321b782930f91feed10033e5d48197368804a9
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.27 SOS: 0.29 SOS: 0.45 Zip Archive
Link:
https://app.malva.re/file/7ec3ac5da9b47fb3d1f3b7543d49488f
Gathering data
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-03-17 19:56:20 UTC
File Type:
Binary (Archive)
Extracted files:
503
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=w2dyiblgi774736lodfeimq3pautb6i753iqam7f2sazonuiasuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b68784056647ffcfefcb70ca44321b782930f91feed10033e5d48197368804a9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ACRStealer

zip b68784056647ffcfefcb70ca44321b782930f91feed10033e5d48197368804a9

(this sample)

ACRStealer

DLL dll 0c7b5f5ebd66465ca682b496f7937bd056c04ec7d156e78dde012ef8541ef4b4

  
Link
https://tria.ge/260317-yektkshx8p/behavioral2
  
Delivery method
Distributed via web download
  
Dropping
SHA256 0c7b5f5ebd66465ca682b496f7937bd056c04ec7d156e78dde012ef8541ef4b4
  
Dropping
MD5 2037857e20d02f17e02ea70de6a297ff

Comments