MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01e8d2aa2d98fdb35d6e20007d1d919884e2bb71ef7a815417c23336d7153dd8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Arkei


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01e8d2aa2d98fdb35d6e20007d1d919884e2bb71ef7a815417c23336d7153dd8
SHA3-384 hash: b7eeca6437d95aa342de35f7a10ed862241e7b4f79498eeefd757b9aa1b561bb3bc6136745dcc1c2b46219bea4868a4b
SHA1 hash: 29f05dd9175a0226ddd788a6586a2dacdfd9ed9d
MD5 hash: 1f3193e19ec8ed97fab4075a88422dac
humanhash: jig-lion-vermont-winter
File name:SecuriteInfo.com.Trojan.GenericKDZ.78846.22148.30352
Download: download sample
Signature Arkei
Create hunting rule
File size:788'992 bytes
First seen:2021-10-11 04:52:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f9ea7fd19aba2d67c1ba609de266a8db (4 x ArkeiStealer, 3 x Smoke Loader, 1 x Arkei)
ssdeep 12288:lvWRBSmYU/4y53skuqfljHcdjpcq+bSK90qtDmlStXIHLi1DLswOJUL1GNnQMrrP:lgNwU3DuKTQ5+bSKFtDJXI21DLslUoN
Threatray 3'261 similar samples on MalwareBazaar
TLSH T14BF4F110A791C039F5F312F856B99379B53E7EA1AB6488CF53D01AE95A70AD0EC3134B
File icon (PE):PE icon
dhash icon 3098b430caccccf8 (1 x Arkei)
Reporter SecuriteInfoCom
Tags:Arkei exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.GenericKDZ.78846.22148.30352
Verdict:
Malicious activity
Analysis date:
2021-10-11 04:54:00 UTC
Tags:
trojan stealer vidar loader
Link:
https://app.any.run/tasks/c41a86f4-e71c-4a34-b94d-9d6e3288fbfc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/196433/
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.78846.22148.30352.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt to an infection source
Sending a TCP request to an infection source
Launching the default Windows debugger (dwwin.exe)
Query of malicious DNS domain
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed stop
Link:
https://www.filescan.io/uploads/6163c3301c2d58ba74011679/reports/46a4f284-c217-483b-a5fe-0898d76b06c1/overview
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/868276
Signature
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/01e8d2aa2d98fdb35d6e20007d1d919884e2bb71ef7a815417c23336d7153dd8/
Threat name:
Win32.Trojan.Chapak
Create hunting rule
Status:
Malicious
First seen:
2021-10-11 01:51:40 UTC
AV detection:
21 of 45 (46.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ahunfkrntd63gxloeaah2hmrtccofo3r555icvaxyiztnvyvhxma._file
Verdict:
malicious
Similar samples:
039319cf3944c2873517912d91bd02c48a634c36ef69acab04e54d1ce07685c1
Arkei
0793806881cb1dbedfef2915436b24ce78e91bc43652e8f7267835d2d63bdfbd
Arkei
3959a10d715c4da846fb6b56b80270bfdefe57552adb43d229e0e78ee051e5ea
Arkei
42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3
Arkei
6cdbb76978e0dcbb39bc84b8726616b7e5034e93e3fb52bd1f190d352ac4c561
Arkei
9f7ec3f3f79487db03b9051d9b8fad8a199c2a53905c5cf19d0fd9ad90f58ec2
Arkei
a4135c43aee02115c239b00fad113112dd908aa3d3013337b009b423a17c441d
Arkei
cebf4c9af84506f3b683d5d4867b739244b6ba595772d583b3455781c4d91b74
Arkei
d8b60c04d8afce12aa497f929b4d7b8b2cd15f79bd8ebb1d68357f8eea271d79
Arkei
fa7f51831c97c16b3e83e13c22e5c899a67c795347225a6713ef3fac7e300174
Arkei
+ 3'251 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:vidar botnet:903 discovery spyware stealer suricata
Link:
https://tria.ge/reports/211011-fhzg2agdgq/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Kills process with taskkill
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses 2FA software files, possible credential harvesting
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Vidar Stealer
Vidar
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
Malware Config
C2 Extraction:
https://mas.to/@serg4325
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/01e8d2aa2d98/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/01e8d2aa2d98fdb35d6e20007d1d919884e2bb71ef7a815417c23336d7153dd8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Arkei

Executable exe 01e8d2aa2d98fdb35d6e20007d1d919884e2bb71ef7a815417c23336d7153dd8

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1664842/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/196433/

Comments