MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb3ec44624b158a0ec7f6fdb44f50e56ee610e3a8e61b16aaa945ccbb373fd54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RustyStealer


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb3ec44624b158a0ec7f6fdb44f50e56ee610e3a8e61b16aaa945ccbb373fd54
SHA3-384 hash: 1b281c083585d2af39fd7e4a5b69aa8ec4de685d0691b6719a44d23a54727bb97f2ddcf3cc4b211781df6cd81811565d
SHA1 hash: b352f72cfe40c339b00ce2ddcd5f08517e2e3345
MD5 hash: f1d2cbef3a4bf82fc3b8e87ff7807184
humanhash: jig-solar-mobile-saturn
File name:autocad2025.zip
Download: download sample
Signature RustyStealer
Create hunting rule
File size:190'470 bytes
First seen:2026-02-04 02:09:02 UTC
Last seen:Never
File type: zip
MIME type:application/zip
Note:This file is a password protected archive. The password is: infected
ssdeep 3072:ZRDpQV4k397X43riT8Ydg5batLlKKTjtQcyhMDejGZYJfeGoXYYpppY9z/vOH9ne:O3974S8YO5bol9uDGejCnoGLYtvMPYTD
TLSH T1AF1423399D7444CC9907D23F9D283B982C78FE9DCD049B6C819956E9A13C3821D589FF
Magika zip
Reporter hunter_huang
Tags:RustyStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
51
Origin country :
VN VN
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:autocad2025.exe
File size:424'448 bytes
SHA256 hash: 2fabef95141c63a3d7cdb170e6d2fe3b3d7e8f3d74e6668dba3d50f0a86588db
MD5 hash: c5ed72a71f59e6831cb684c2e3fd4100
MIME type:application/x-dosexec
Signature RustyStealer
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/9600f0b1-4104-4462-94a1-9cf2acc1b525/
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6982aa536b1af47db72c9937
Tags:
autorun xtreme virus sage
Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/bb3ec44624b158a0ec7f6fdb44f50e56ee610e3a8e61b16aaa945ccbb373fd54/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm base64 cobaltstrike fingerprint rust
Link:
https://www.filescan.io/uploads/6982ebec981ff1d38a47a253/reports/1dc4aac9-838a-4fa5-96c4-19e3c6312f95/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/bb3ec44624b158a0ec7f6fdb44f50e56ee610e3a8e61b16aaa945ccbb373fd54
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/bb3ec44624b158a0ec7f6fdb44f50e56ee610e3a8e61b16aaa945ccbb373fd54
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
File Type:
zip
Link:
https://opentip.kaspersky.com/bb3ec44624b158a0ec7f6fdb44f50e56ee610e3a8e61b16aaa945ccbb373fd54/results?tab=lookup
Score:
52%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/bb3ec44624b158a0ec7f6fdb44f50e56ee610e3a8e61b16aaa945ccbb373fd54
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Zip Archive
Link:
https://app.malva.re/file/f1d2cbef3a4bf82fc3b8e87ff7807184
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb3ec44624b158a0ec7f6fdb44f50e56ee610e3a8e61b16aaa945ccbb373fd54/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-04 02:10:32 UTC
AV detection:
5 of 24 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xm7mirrewfmkb3d7n7nuj5iok3xgcdr2rzq3c2vksromxm3t7vka._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
execution persistence
Link:
https://tria.ge/reports/260204-hfwz8sfw6c/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Drops file in Windows directory
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/bb3ec44624b158a0ec7f6fdb44f50e56ee610e3a8e61b16aaa945ccbb373fd54

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments