MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RustyStealer


Vendor detections: 7


Intelligence 7 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802
SHA3-384 hash: 377b9918ab7280e03187c9af6e5c2671530dc8b7e801fe5d9297e7edc40f0893f1e0b6b99f0eb329b382c19856a0a124
SHA1 hash: 29014d4d6fc42219cd9cdc130b868382cf2c14c2
MD5 hash: 7c5493a0a5df52682a5c2ba433634601
humanhash: twenty-eleven-cat-mountain
File name:dec_fixed.exe
Download: download sample
Signature RustyStealer
Create hunting rule
File size:956'928 bytes
First seen:2025-12-06 17:29:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 87f0863ec927249773659ca301d7b700 (6 x RustyStealer)
ssdeep 24576:FH/Ls1S7APHLeQWzxfybcolpt66SEo86M/DS9:FH/Ls1EcfWzxqbcoLt6x86Mr
TLSH T1F2159E1BF695A2BDD55AC0B493068A72B536B4CA0621BDBF01E1D7343F96E620F1CB1C
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10522/11/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter juroots
Tags:exe RustyStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
CH CH
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
dec_fixed.exe
Verdict:
No threats detected
Analysis date:
2025-12-06 17:34:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/260dac38-c2ae-4a50-b59c-01902d41ba12

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/42776/
Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6934689bc61465c74cbc0528
Tags:
blic
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802
Verdict:
Clean
File Type:
exe x64
First seen:
2025-12-06T15:48:00Z UTC
Last seen:
2025-12-06T19:55:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/6ac78e34-8c20-4657-81a2-5c983109cadc
Score:
96%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/7c5493a0a5df52682a5c2ba433634601
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=246e6et4lqfh7g7q6omosxovlr7i633kk6b4rszrjpmzyli4taba._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
credential_access discovery spyware stealer
Link:
https://tria.ge/reports/251206-v334aacl8w/
Behaviour
Browser Information Discovery
Credentials from Password Stores: Windows Credential Manager
Reads user/profile data of web browsers
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/52a7f734-993c-4688-b0ef-e5fd54aafa65
Unpacked files
SH256 hash:
d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802
MD5 hash:
7c5493a0a5df52682a5c2ba433634601
SHA1 hash:
29014d4d6fc42219cd9cdc130b868382cf2c14c2
Link:
https://www.unpac.me/results/3fde060a-026f-447a-b162-dcfc4d47e37d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:dependsonpythonailib
Create hunting rule
Author:Tim Brown
Description:Hunts for dependencies on Python AI libraries
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:ProgramLanguage_Rust
Create hunting rule
Author:albertzsigovits
Description:Application written in Rust programming language
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:Rustyloader_mem_loose
Create hunting rule
Author:James_inthe_box
Description:Corroded buerloader
Reference:https://app.any.run/tasks/83064edd-c7eb-4558-85e8-621db72b2a24
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RustyStealer

Executable exe d73c4f127c5c0a7f9bf0f398e95dd55c7e8f6f6a5783c8cb314bd99c2d1c9802

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/42776/
  
URLhaus
https://urlhaus.abuse.ch/url/3727775/
  
Delivery method
Distributed via web download

Comments