MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RustyStealer

Vendor detections: 9

Intelligence 9 IOCs YARA 7 File information Comments

SHA256 hash:	bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37
SHA3-384 hash:	2c549f662ab2fc9636b0b1d6421c08ebe769216daccb144a47e1e3541db72512a7cbee2506df6ef2bf7d9847bbdff7fe
SHA1 hash:	703a9a28c2e889124015e4e5599f5c28407a4a4e
MD5 hash:	3a4703b2586411b43790d581aa66f472
humanhash:	bluebird-vegan-lactose-alanine
File name:	minimal_enc.exe
Download:	download sample
Signature	RustyStealer Create hunting rule
File size:	1'479'168 bytes
First seen:	2025-12-06 17:30:30 UTC
Last seen:	2025-12-06 19:32:48 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	0e37c9d6bd6fe57a49b574a12dd7bfe6 (1 x RustyStealer)
ssdeep	24576:iQMeXk4T4SnsZh7UkvVdnQvh5rNVx8S3QSVG8yI//D:iQHlsZh7UkvLCX7x8SgSQ8yI
TLSH	T125657D07F6A581EDD19EC0B443469E37B635B8890A20BDBF17D15A302EA6F520F1EB1D
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10522/11/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	juroots
Tags:	exe RustyStealer

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

_bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37.exe

Verdict:

No threats detected

Analysis date:

2025-12-06 17:44:48 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/96497c30-7668-430c-9e8b-d8c08e22f683

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/42798/

Detection(s):

SecuriteInfo.com.Trojan.Win64.Krypt.27218.26201.UNOFFICIAL

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6934691a920336450abc080e

Tags:

virus

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-12-06T15:01:00Z UTC

Last seen:

2025-12-07T15:56:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Ransom.Win64.Agent.gen

Link:

https://opentip.kaspersky.com/bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/60dee110-24e5-44d2-bcf8-ed888ff198f9

Score:

91%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/3a4703b2586411b43790d581aa66f472

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37/

Verdict:

Malicious

Threat:

Trojan-Ransom.Win64.Agent

Link:

https://tip.neiki.dev/file/bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37

Threat name:

Win64.Malware.Heuristic

Status:

Malicious

First seen:

2025-12-06 14:44:59 UTC

File Type:

PE+ (Exe)

AV detection:

10 of 24 (41.67%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=x4baccgqxoaupe47zelxg2rrcdmctn6vtlpfj5z2bzklwhl5ry3q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251206-v4nd8ags4e/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/2e6e17d7-d501-4aba-8429-f4844ad0e408

Unpacked files

SH256 hash:

bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37

MD5 hash:

3a4703b2586411b43790d581aa66f472

SHA1 hash:

703a9a28c2e889124015e4e5599f5c28407a4a4e

Link:

https://www.unpac.me/results/c86630a3-9a66-46a1-8cb3-35cdef077daa/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bf020108d0bb8147939fc917736a3110d829b7d59ade54f73a0e54bb1d7d8e37

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	dependsonpythonailib Create hunting rule
Author:	Tim Brown
Description:	Hunts for dependencies on Python AI libraries

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	ProgramLanguage_Rust Create hunting rule
Author:	albertzsigovits
Description:	Application written in Rust programming language

Rule name:	Rustyloader_mem_loose Create hunting rule
Author:	James_inthe_box
Description:	Corroded buerloader
Reference:	https://app.any.run/tasks/83064edd-c7eb-4558-85e8-621db72b2a24