MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RustyStealer

Vendor detections: 16

Intelligence 16 IOCs YARA 9 File information Comments

SHA256 hash:	ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc
SHA3-384 hash:	03d72c40ccea19a364f0a80c2d96a416edd7ea1341405d075f59db23170b7685642bfe202559e6db5debd81733da0c48
SHA1 hash:	7d3fef3b9d9687223ccfeab050c1d723db1d8852
MD5 hash:	c530a5a1a07db8e54a7269ee706c06eb
humanhash:	july-hotel-artist-utah
File name:	ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc
Download:	download sample
Signature	RustyStealer Create hunting rule
File size:	311'808 bytes
First seen:	2026-02-05 16:01:03 UTC
Last seen:	2026-02-05 16:35:11 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9b6a09682402b41e47daad1282d2b1e0 (1 x RustyStealer)
ssdeep	6144:kH7eUkY5Dw6oYd67ed19vm5tVe9dMn0Oy8cQX:6VP5yYg7i3mw9un0G9
TLSH	T17764AE2AF79054FDE42BC07CC6054966AA7778861B319AEF23A802353F276E55F3DB10
TrID	48.7% (.EXE) Win64 Executable (generic) (10522/11/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	adrian__luca
Tags:	exe RustyStealer

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

asyncrat

ID:

File name:

ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc

Verdict:

Malicious activity

Analysis date:

2026-02-05 12:53:14 UTC

Tags:

rat asyncrat remote dcrat darkcrystal donutloader loader rust

Link:

https://app.any.run/tasks/af42c86a-f1f7-47c1-b1d0-e05aa5f42df3

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

DCRat

Link:

https://www.capesandbox.com/analysis/52305/

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6984bf12117f8ed80109dd2f

Tags:

asyncrat crysan

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug anti-vm packed rust

Link:

https://www.filescan.io/uploads/6984bed6930564ff3c8d37e9/reports/e91df345-6ce8-4807-8b91-622269f9994a/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc

Verdict:

Malicious

File Type:

exe x64

First seen:

2026-01-28T02:00:00Z UTC

Last seen:

2026-02-07T01:58:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc/results?tab=lookup

Malware family:

MuddyWater

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/bbccf689-50d7-4edb-ad20-50c511a461df

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc/

Threat name:

Win64.Spyware.Rustystealer

Status:

Malicious

First seen:

2026-01-28 10:04:00 UTC

File Type:

PE+ (Exe)

AV detection:

16 of 24 (66.67%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5rp342j7speg2rjtlkvgkahcl2dfsl25gqh22moztd3tc67efxoa._file

Verdict:

malicious

Label(s):

donutloader

dcrat

Similar samples:

error

RustyStealer

Result

Malware family:

donutloader

Score:

10/10

Tags:

family:asyncrat family:donutloader botnet:default loader rat

Link:

https://tria.ge/reports/260205-tgggqacx6d/

Behaviour

Suspicious use of AdjustPrivilegeToken

Async RAT payload

AsyncRat

Asyncrat family

Detects DonutLoader

DonutLoader

Donutloader family

Malware Config

C2 Extraction:

82.24.200.55:8848

Unpacked files

SH256 hash:

ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc

MD5 hash:

c530a5a1a07db8e54a7269ee706c06eb

SHA1 hash:

7d3fef3b9d9687223ccfeab050c1d723db1d8852

Link:

https://www.unpac.me/results/027b47db-55a0-4493-98c9-2f2a61d68a2a/

Malware family:

DonutLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/ec5fbe693f93/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ec5fbe693f93c86d45335aaa6500e25e86592f5d340fad31d998f7317be42ddc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Check_Debugger Create hunting rule

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__RemoteAPI Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	ProgramLanguage_Rust Create hunting rule
Author:	albertzsigovits
Description:	Application written in Rust programming language

Rule name:	Rustyloader_mem_loose Create hunting rule
Author:	James_inthe_box
Description:	Corroded buerloader
Reference:	https://app.any.run/tasks/83064edd-c7eb-4558-85e8-621db72b2a24

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/52305/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample