MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2
SHA3-384 hash: ac0269f46354509191ade3aba02ecd8703c6048ad89f7c50636ad6a3a12cbff283474b3b60fea44e3a1d32d056fb8aeb
SHA1 hash: 83b3a576b0fb8b5bdc0ba03d07ecb06d5c5bcdc0
MD5 hash: 4fd121e01b83bf7710685da75853564a
humanhash: don-steak-emma-equal
File name:4fd121e01b83bf7710685da75853564a
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:285'696 bytes
First seen:2022-02-09 11:06:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01964b8ce8a862adba8387753bd05847 (2 x ArkeiStealer, 2 x BitRAT, 1 x Smoke Loader)
ssdeep 6144:tO2oIFcaWSVbSXZmlx0vQYIyg76tVQh9TP6ljpolWBHnm:tOAcJYOX7Rg767Wy4lA
Threatray 818 similar samples on MalwareBazaar
TLSH T153549E10BAE0C035F1B756F8497A93ACB52E7AB15B34A0CB63D526EE16356E0EC31307
File icon (PE):PE icon
dhash icon b2dacabecee6baa2 (33 x RedLineStealer, 30 x Smoke Loader, 28 x Stop)
Reporter zbetcheckin
Tags:32 ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
190
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/239441/
Detection(s):
Win.Malware.Generic-9936539-0
Create hunting rule

Win.Packed.Filerepmalware-9938531-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending an HTTP GET request
Creating a file
Reading critical registry keys
Changing a file
Creating a file in the %AppData% subdirectories
Creating a window
Сreating synchronization primitives
Running batch commands
Creating a process with a hidden window
Launching a process
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Stealing user critical data
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6487/overview
Behaviour
MalwareBazaar
CPUID_Instruction
MeasuringTime
SystemUptime
CheckCmdLine
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6203a05cc79b424d720aa984/reports/3b5462f2-ef8a-4f01-8ece-0069eaf37e28/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c120e894-91e5-4d3e-b0d1-ffb9b91d3658
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/936768
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2/
Threat name:
Win32.Trojan.Raccoon
Create hunting rule
Status:
Malicious
First seen:
2022-02-09 11:07:12 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1a2bc82de6e0c26030a3600c836329329dbcf1d4d84e031a90dd7df5355ed612
ArkeiStealer
4fb9f08b1053d49ff58f30aa0016beefcd85041435ba9bb4b0402d99feb6df5e
ArkeiStealer
5c5d9711ea8ddb520646c0ac33e540c3860b795914749ee377040d8626ecc93b
ArkeiStealer
6340b2e385dab3667c44f935fc7015a3de62b36fe6e2c8dfba5bbb65566181aa
ArkeiStealer
650019380700d0b23b55df2ebbadbde8916ed07c10bd9427f5942c6c563d37de
ArkeiStealer
6e26766486507fac0c2b38d83731be41e0860dfa34dfef9e5273c38cb7d4b826
ArkeiStealer
b86da55b00429d3a757c64bc0489af5d2641bfa7aab9910eddec173af09c55b4
ArkeiStealer
ec4524dcf5814a8446d9967b207761234760d189272dae66a9a0c184a6bcbc79
ArkeiStealer
f124cfb109ce44f6cddb7d673dca30ed5b26fea1f500a21fd81454f684cf78be
ArkeiStealer
+ 808 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei botnet:dafault discovery spyware stealer
Link:
https://tria.ge/reports/220209-m7z87aacdk/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Windows directory
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks computer location settings
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Arkei Stealer Payload
Arkei
Suspicious use of NtCreateProcessExOtherParentProcess
Malware Config
C2 Extraction:
http://googr.link/gate1.php
Unpacked files
SH256 hash:
054d474c1ae1a24df0f7a2a21a5e72c07b1c0f5562cdc37ef519214ff9ea2cd0
MD5 hash:
d51c939bdb90148e196f178860898a33
SHA1 hash:
366e8e022c1406b95dc2edcc0125b1db493c18fe
Link:
https://www.unpac.me/results/0c84bd6b-48d2-4225-904d-c341cd2cbf56/
SH256 hash:
04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2
MD5 hash:
4fd121e01b83bf7710685da75853564a
SHA1 hash:
83b3a576b0fb8b5bdc0ba03d07ecb06d5c5bcdc0
Link:
https://www.unpac.me/results/0c84bd6b-48d2-4225-904d-c341cd2cbf56/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/04584608efe9/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2038536/
Cape
Cape
https://www.capesandbox.com/analysis/239441/

Comments


Avatar
zbet commented on 2022-02-09 11:06:31 UTC

url : hxxp://googf.link/MediaPlayer.exe