Multi-License Discount Quote

Change Region

English
Threat Database Stealers Trojan.Stealer.ACC

Trojan.Stealer.ACC

By CagedTech in Stealers, Trojans

Threat Scorecard

Popularity Rank: 14,037
Threat Level: 80 % (High)
Infected Computers: 3,953
First Seen: December 14, 2022
Last Seen: May 13, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Stealer.ACC
Signature status: No Signature

Known Samples

MD5: 20daa2b56acc915bc90dcaa868bfa31b
SHA1: ac74248163d757ee4da551f8cc5ebeda7745a97e
SHA256: 0B586F16BA08538D8779A08B19004993F2BAD1AA936EF2E75899C24133309357
File Size: 577.02 KB, 577024 bytes
MD5: 1fcee4db261a54db1ef511a4dd776ace
SHA1: 52b2238b9b08bb26c3511f26d95bc58d5b1373bb
SHA256: E7885E82D3E17E921144B8E098B96CA8DC091B92355F60954CC5C62A46211ECA
File Size: 254.46 KB, 254464 bytes
MD5: 50fc6559127c76fc8112f9dab70f1b8f
SHA1: ada27ed2eed21562667ce9c4c8ca3712d2c194c7
SHA256: 4B1B9E1ED0EFA52E4663F9247477C273166481FDD8E639CAE35C4909DE3566D9
File Size: 254.46 KB, 254464 bytes
MD5: c09a98923a69222bcca1bc1490e1e4fa
SHA1: 3d3a91f71b1820260145db0c9cf9007d701de398
SHA256: 47025AE589009308160E1135BA486E9B10BD2E7E237F09F0622056EDD83333E0
File Size: 563.79 KB, 563792 bytes
MD5: 946a9cc6b501d993a108c90ef7d0930d
SHA1: c98aa812a271c9c78017c2c90b60a97ae13df9cf
SHA256: BF24277400CC453D530E4277D3BD24E96C5E409ADEF6970518BDC59205AA0241
File Size: 625.66 KB, 625664 bytes
Show More
MD5: 499485462d49941c6e576cbb70a4cd5f
SHA1: a28bdf08b8ba649891873b6cfafd65086b1f6c9f
SHA256: D7FB7F10D685651E3AF3D081BB4A115A72EB0B27053BD4B41DBE6CD80E199925
File Size: 342.02 KB, 342016 bytes
MD5: b4982963500caff5109ca39b37210f0d
SHA1: f21dfba550b7f2e5dba9ffe96c69f9c63cca9de6
SHA256: 230165723206732C163EA886ECF612F02C9BF5443946A15CADF4D7E8F18D5CEC
File Size: 625.66 KB, 625664 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer Root Status
NVIDIA Corporation DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch

File Traits

  • 2+ executable sections
  • fptable
  • HighEntropy
  • No Version Info
  • packed
  • x86

Block Information

Total Blocks: 1,947
Potentially Malicious Blocks: 329
Whitelisted Blocks: 1,499
Unknown Blocks: 119

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 x 0 x ? 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x x x x x x x ? ? 0 0 0 x ? 0 0 0 0 x x x x x x x 0 0 0 0 0 0 ? 0 0 x 0 x 0 ? 0 ? x 0 0 x x x x 0 0 x x 0 0 0 0 0 0 x x x x x 0 x x x x 0 x ? 0 x x x x 0 0 0 0 0 0 0 x 0 0 x x x x x 0 x ? x x x x x ? 0 0 ? 0 x x x x 0 x x x x x x x x x x x 0 x x x x x x 0 x x x 0 x x 0 0 0 0 0 0 x 0 x x x x 0 0 x x x 0 x x x x 0 0 0 0 0 0 x 0 x x x x x x x x x ? 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 x 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 0 0 ? 0 0 0 x 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 x x 0 x 0 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 ? x 0 ? 0 0 0 0 0 0 0 x x 0 0 x x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 x x x x x 0 ? ? x ? 0 x 0 0 0 x x x ? 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 0 x x x 0 x x 0 0 0 0 x 0 x x 0 x x 0 x 0 0 0 0 x 0 0 ? x x x x x x 0 0 0 0 0 x x 0 0 x x x x 0 0 x x 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 x x x x ? 0 x x 0 x 0 x x ? x x x x x x x x x x 0 x x 0 0 x 0 x 0 0 0 0 0 x x 0 x x x x ? 0 0 0 0 ? ? ? ? ? ? ? 0 0 0 0 0 ? x 0 0 0 x 0 0 ? 0 0 x 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 ? 0 ? x 0 0 0 ? 0 0 0 x x 0 0 x 0 0 0 x 0 x x x x ? 0 ? 0 0 0 x ? 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 3 1 1 1 0 1 1 0 0 0 0 0 2 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 0 1 1 0 0 0 0 0 0 0 x 0 ? ? x x x ? ? 0 0 ? ? 0 0 ? ? ? 0 x 0 ? ? ? ? ? x ? ? 0 ? x ? ? x x x x x ? ? ? 0 ? x x ? 0 ? x ? ? 0 ? x ? ? 0 x x ? 0 x 0 ? ? ? ? ? x x x x x x 0 0 x x x x x x x x x x x x x x x x x ? x x x x x ? x ? ? x x x x x ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? x x x x ? x x x x x x x x x x x x x ? x x x ? x x x x x x x x x x 0 x x x x x ? x ? ? ? ? ? ? x x x x x ? x x x x x x x x x x 0 0 0 x x x x x x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.FGDC
  • Downloader.Agent.CZ
  • MSIL.AsyncRAT.AU
  • Stealer.VB
  • Trojan.Kryptik.Gen.ACU

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\4b56126fa52f7db9080f75930f649bfa Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\7ad406287e052ecab43951c39e0cdbf1 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\4b56126fa52f7db9080f75930f649bfa Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\7ad406287e052ecab43951c39e0cdbf1 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\systemcertificates\ca\certificates\f9388ea2c9b7d632b66a2b0b406df1d37d3901f6::blob RegNtPreCreateKey
HKCU\software\microsoft\systemcertificates\ca\certificates\626d44e704d1ceabe3bf0d53397464ac8080142c::blob 浢턄ꯎ뿣匍琹걤肀Ⱄ耏ᱡㆂ핡⠯跧㡆Ⲵ웡炐出෠ᯎﶮᛐ繈 ߪꝾﶥ蘋頡掀愵৖㇎颳邴庐苖盤˜컱经Ṭ汵Ϙ⛶\ࠀ㨏✅䋒ⷞ軉ﱜ Ӭ舰舰퀃ΠĂȂȐ⹴ឪ車육묗ﰟ೽゠؍⨉ RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetUserName
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetReadFile
  • InternetSetOption
Network Winhttp
  • WinHttpOpen
Process Manipulation Evasion
  • NtUnmapViewOfSection

Trending

Most Viewed

Loading...