MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba7d9b8cd934038441ad8bb8879a4f4715d532ef3ead83e656491f8da2284f4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MicroStealer

Vendor detections: 8



SHA256 hash: ba7d9b8cd934038441ad8bb8879a4f4715d532ef3ead83e656491f8da2284f4d
SHA3-384 hash: abde10b24b3cd0d2d4afc5494b31c58370d5be4b14fac04c150e3a3c2f7480b8abc712a57b63255c19cc10cddbde3bd2
SHA1 hash: 7e914c6e779b4f83f681dcf81cfee21a0110c194
MD5 hash: 54af16a88369bfe864ca6c1228613cf4
humanhash: robert-skylark-venus-angel
File name: system.jar
Signature: MicroStealer
File size: 29'586'231 bytes
First seen: 2026-03-01 08:13:09 UTC
Last seen: 2026-03-01 08:44:16 UTC
File type: Java file jar
MIME type: application/zip
ssdeep: 786432:LDNcvQGN5q+feL1rC8Mk4CrpPXjstm97IDEzj:LDNc4Y55eLVC8MkDtPXWu7I4zj
TLSH: T100570219D15F403ACA57D67928EF4BE6FF34829F8220571F23F439198CD2B890B6275A
TrID: 63.1% (.SPE) SPSS Extension (30000/1/7)
      28.4% (.JAR) Java Archive (13500/1/2)
      8.4% (.ZIP) ZIP compressed archive (4000/1)
Magika: jar
Reporter: PancakeSparkle
Tags: infostealer jar MicroStealer stealer


PancakeSparkle2
Extracted from fake game sent via discord

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: RO
Vendor Threat Intelligence

No detections

Malware family: n/a
ID: 1
File name: tempfall.com
Verdict: Malicious activity
Analysis date: 2026-03-01 02:58:35 UTC
Tags: discord stealer microstealer
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug anti-vm lolbin macros-on-close obfuscated runonce

Verdict: Malicious
File Type: jar
Detections: Trojan-PSW.MSIL.DiscoStealer.sb

Result
Malware family: micro_stealer
Score: 10/10
Tags: family:micro_stealer credential_access defense_evasion discovery execution persistence stealer
Behaviour:
Enumerates system info in registry
Kills process with taskkill
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Browser Information Discovery
System Time Discovery
Enumerates processes with tasklist
Contacts third-party web service commonly abused for C2
Loads dropped DLL
Uses browser remote debugging

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Dropping
Signature: MicroStealer

Comments