MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ACRStealer


Vendor detections: 10


Intelligence 10 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e
SHA3-384 hash: 05e74643feb25cdc29780d895e8cc68556101c287cb2a42922fb93e95873a934ed7c41e99649907ffb9b19115c3b87d1
SHA1 hash: 105bcb98250b96acf77a25f6a1a7707d2d7a1920
MD5 hash: 601238d0dd403f776b161e34932f1b8d
humanhash: snake-sixteen-six-magnesium
File name:verification.google
Download: download sample
Signature ACRStealer
Create hunting rule
File size:1'949'184 bytes
First seen:2026-03-19 13:06:39 UTC
Last seen:2026-03-19 13:46:59 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 220c59558875beb392d0c4500b008db4 (1 x ACRStealer)
ssdeep 12288:TBPEgvOSMOB7GCDL7tzFunr7FxBNIHw7WK391XuUyHLmRV98h:TabC7HunvI7K3T2LmCh
Threatray 47 similar samples on MalwareBazaar
TLSH T14995E912C7D2AEB2F55701B2D29F8D3A2F3EE4496B4DD54442E405FA40D2F2F64BEA60
TrID 38.2% (.EXE) Win64 Executable (generic) (6522/11/2)
26.4% (.EXE) Win32 Executable (generic) (4504/4/1)
11.8% (.EXE) OS/2 Executable (generic) (2029/13)
11.7% (.EXE) Generic Win/DOS Executable (2002/3)
11.7% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter jitesh
Tags:ACRStealer dll malware trojan

Intelligence

File Origin
# of uploads :
2
# of downloads :
140
Origin country :
IN IN
Vendor Threat Intelligence
No detections
Gathering data
Detection(s):
SecuriteInfo.com.Variant.Fragtor.934038.31149.18707.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69bbf50493b644ca466ba7cd
Tags:
vmdetect
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm fingerprint hacktool lolbin schtasks
Link:
https://www.filescan.io/uploads/69bbf501677ac46843a6f60d/reports/ba552d51-edfa-4927-a4c8-9ebd1a9fb0be/overview
Verdict:
Malicious
Labled as:
Fragtor.Generic
Link:
https://www.hybrid-analysis.com/sample/c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e
Verdict:
Malicious
File Type:
dll x32
Detections:
Trojan.Win32.Agent.xcdcvt
Link:
https://opentip.kaspersky.com/c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/dbfeff8c-2ed3-4014-b43c-4182c1a0850e
Score:
10%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e/
Verdict:
Malicious
Threat:
Family.ACRSTEALER
Link:
https://tip.neiki.dev/file/c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e
Threat name:
Win32.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2026-03-19 12:53:14 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y2jijfqnt2jiy3ifdq3ypyunmiewgiayoo2z5qtdomywidgqm57a._file
Verdict:
malicious
Label(s):
amaterastealer
Create hunting rule
Similar samples:
0c7b5f5ebd66465ca682b496f7937bd056c04ec7d156e78dde012ef8541ef4b4
ACRStealer
3d7e9e61ddc414e65a76eb579c0fa65edb1298d4b000b85105c7b7aad468b1d2
ACRStealer
430b69b2268bb1f2f0821c8cf65d648917e1d13fd5c6f945b5830534e1d0e559
ACRStealer
8ac1c5ccafeaac4bcd19d9ca5f182980e00cd6c5fba048990e21c5fd6623c820
ACRStealer
c4627fbcce87136d2ec6fdb876b8c4496d7f25411d2c24860ba1ec0f8f39e916
ACRStealer
c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e
ACRStealer
ebb03085c9091d87e29f79ffc36f35277aaf46ec4356abf29c3bc93e87e8cd82
ACRStealer
error
ACRStealer
+ 37 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/260319-qcrv4sgz4x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Badlisted process makes network request
Unpacked files
SH256 hash:
c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e
MD5 hash:
601238d0dd403f776b161e34932f1b8d
SHA1 hash:
105bcb98250b96acf77a25f6a1a7707d2d7a1920
Link:
https://www.unpac.me/results/345a3709-6153-4bfe-8a26-c19c940fbf01/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ACRStealer

DLL dll c69284960d9e928c6d051c3787e28d620963201873b59ec2637331640cd0677e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3799759/
  
URLhaus
https://urlhaus.abuse.ch/url/3799760/
  
URLhaus
https://urlhaus.abuse.ch/url/3799763/
Cape
Cape
https://www.capesandbox.com/analysis/58125/

Comments