MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc4a31ab9b4467ee615cf7f91be716a1003cddf234a8ad43c2f6813ca2b5f6ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ACRStealer

Vendor detections: 4

Intelligence 4 IOCs YARA 23 File information Comments

SHA256 hash:	bc4a31ab9b4467ee615cf7f91be716a1003cddf234a8ad43c2f6813ca2b5f6ed
SHA3-384 hash:	1934e404abd1cb87fcee0d259aa88908572672157a237af6108e5ae268fa0b2af42eb8ece99ad2c1d067586afa337c4f
SHA1 hash:	4a8f012c86a1f8b1a152b9960432aeb78def7e25
MD5 hash:	12caa5508e2fd2da4bfb32a86c7b2be5
humanhash:	edward-leopard-idaho-maryland
File name:	SETUP.zip
Download:	download sample
Signature	ACRStealer Create hunting rule
File size:	28'270'089 bytes
First seen:	2026-04-04 22:52:40 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	786432:+bNTd5X8ZBIpNx2h0pH7JdqzwJVeTW7grW:kR5X8cpNx2h0pH7JdqEJYTW0rW
TLSH	T1925733A3E6DC0ABDEB9758BF1CF1F9462BAF4502369608779C4DC6D8087339A05D8931
Magika	zip
Reporter	aachum
Tags:	ACRStealer ai-latitudeprevalent-cfd dllHijack zip

iamaachum

https://premiumfilesetup.info/ => https://mega.nz/file/b1xBBa7R#CnC9HAHUW51xq_YWyILfVXRsXc69c5nzUFxBR8-4qwU

ACRStealer C2: ai.latitudeprevalent.cfd

Intelligence

File Origin

# of uploads :

# of downloads :

138

Origin country :

Vendor Threat Intelligence

Gathering data

Verdict:

Suspicious

Score:

50%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69d197166a61012f6aced784

Tags:

infosteal shell sage

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/bc4a31ab9b4467ee615cf7f91be716a1003cddf234a8ad43c2f6813ca2b5f6ed

Verdict:

Unknown

File Type:

zip

Link:

https://opentip.kaspersky.com/bc4a31ab9b4467ee615cf7f91be716a1003cddf234a8ad43c2f6813ca2b5f6ed/results?tab=lookup

Score:

Verdict:

Benign

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Check_OutputDebugStringA_iat Create hunting rule

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__ConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	ldpreload Create hunting rule
Author:	xorseed
Reference:	https://stuff.rop.io/

Rule name:	MD5_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for MD5 constants

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

Rule name:	SHA512_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA384/SHA512 constants

Rule name:	skip20_sqllang_hook Create hunting rule
Author:	Mathieu Tartare <mathieu.tartare@eset.com>
Description:	YARA rule to detect if a sqllang.dll version is targeted by skip-2.0. Each byte pattern corresponds to a function hooked by skip-2.0. If $1_0 or $1_1 match, it is probably targeted as it corresponds to the hook responsible for bypassing the authentication.
Reference:	https://www.welivesecurity.com/

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.