MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f10d4f6c5e41e9c6e60259022ea43341959d5a699bc20999e871bed643a8d42c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RustyStealer


Vendor detections: 3



SHA256 hash: f10d4f6c5e41e9c6e60259022ea43341959d5a699bc20999e871bed643a8d42c
SHA3-384 hash: d028c21da97d60d6b301879b0ff35de01bddab5fcced3ed1f17be542d9fb5a0200744317b1d9cd9f2e7810a472c35a42
SHA1 hash: e59873fedf5c2859914e01e5929d0a6f0e14922f
MD5 hash: 103a648eadd067ae42c853264e0851a2
humanhash: violet-five-west-twelve
File name: KModder.rar
Signature: RustyStealer
File size: 35'032'448 bytes
First seen: 2026-02-28 10:59:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
Note: This file is a password protected archive. The password is: KModder123
ssdeep 786432:a22MomviDeneqH33JxjnOUrrq7OGBXGPvRG5sIlH0XrKvN:a2jv/n3Hpxz5rrGBjfx07KV
TLSH T1477733282577CCAC1D1CC5BAABA50BD5CDDB7BCC64EB025700B8558200792A779BF39B
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: burger
Tags: pw-KModder123 rar RustyStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: NL
File Archive Information

This file archive contains 9 file(s), sorted by their relevance:

File name: KModder Executor.pdb
File size: 15'464 bytes
SHA256 hash: 28e5580fe2b921e3b197bcbb4187de3c5245c3025ce3b1619ee96a89bb1b35ec
MD5 hash: 87a8694a7b71dff35b55184fb3aee7ce
MIME type: application/octet-stream
Signature: RustyStealer

File name: KModder Executor.deps.json
File size: 831 bytes
SHA256 hash: 6c42d66e6d3e866e33caaf98a8cfceaa4d22ce8c8ce22981d5e5f73910748b64
MD5 hash: 2b4d30ed0108c7f0fae298a5c7c67be6
MIME type: text/plain
Signature: RustyStealer

File name: current_version.txt
File size: 5 bytes
SHA256 hash: dc12666e07ed23b09d26df08cf22979241f3d708013591aa547ff2ad90606d94
MD5 hash: 2ebc9247ec2a556ab95a6000ba8dd8f6
MIME type: text/plain
Signature: RustyStealer

File name: VelocityAPI.dll
File size: 17'408 bytes
SHA256 hash: 7f8b8d05d22c24e9444e8c5da63e5631c762971f4ba6e79ba823fe3880fa95df
MD5 hash: 229bdd461d751c7b63e61c926f5ed6b7
MIME type: application/x-dosexec
Signature: RustyStealer

File name: KModder Executor.dll
File size: 21'504 bytes
SHA256 hash: b8d58a0753a745bea7dbb9c0ebec9f2764b381cdb7216f9e775ca68f76495b5e
MD5 hash: 03792ee987233bc178372549e2a32981
MIME type: application/x-dosexec
Signature: RustyStealer

File name: KModder Executor.exe
File size: 154'624 bytes
SHA256 hash: 82a58ba019425beaaa772a235be2838d41855d5c69e69f29941c8c928967a148
MD5 hash: f291eb3d9c758833cfbaa4405f28c165
MIME type: application/x-dosexec
Signature: RustyStealer

File name: Decompiler.exe
File size: 9'900'032 bytes
SHA256 hash: fb5c5e11296f8cd6b552aa03daf760d99a380077ff92ba657d4d956af5f3d0f8
MD5 hash: a109790efbe0542dddf63ef0415dd508
MIME type: application/x-dosexec
Signature: RustyStealer

File name: KModder Executor.runtimeconfig.json
File size: 515 bytes
SHA256 hash: 89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd
MD5 hash: e0f6f18f9b152bc2d8c710b0214805d6
MIME type: application/json
Signature: RustyStealer

File name: erto3e4rortoergn.exe
File size: 39'984'640 bytes
SHA256 hash: 30bde4508556de4942081b7e16f320c638a7744efe602ad160b700e3575f585b
MD5 hash: 4d963241296a0b5ae8d59aac9b02cc00
MIME type: application/x-dosexec
Signature: RustyStealer

Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

File information


The table below shows additional information about this malware sample such as delivery method and external references.
