MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 045e5ff06628f4d38cdcf2f09b51f122691c3c012fe4f1277a414e71c1dc1168. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 10



SHA256 hash: 045e5ff06628f4d38cdcf2f09b51f122691c3c012fe4f1277a414e71c1dc1168
SHA3-384 hash: 405ea8220eb985d000604438eb22f21ec7e1309d4e333effb328125f09fb9fe373a44ad235c4bc66c868c27bf6c690f4
SHA1 hash: bba579eca8d55050f2eefdfdb6935eb8aa167be5
MD5 hash: 63359a020580f04f5c0d0a7893e8ed66
humanhash: nineteen-football-golf-hydrogen
File name: 63359a020580f04f5c0d0a7893e8ed66
Signature: ArkeiStealer
File size: 342'016 bytes
First seen: 2022-07-14 07:01:06 UTC
Last seen: 2022-07-14 09:30:23 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8c4105a8833eb6f5aff1196f6e0fcdfb (5 x RedLineStealer, 2 x Loki, 1 x ArkeiStealer)
ssdeep: 6144:ylQJLVZicKlSPSNnOVDgE03y4inbJm6UPN6nNxn1hJHwYY1rDSPzoqK:/7tKlSPSVkkE03hinbJm6CN9fD
Threatray: 4'834 similar samples on MalwareBazaar
TLSH: T1A474DF1176C0C032D5C729768421C7754FBBB8A52966AB8F7FC82AB90F756E2973130E
TrID: 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
      10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
      7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: d2b1e4c4e4b987f9 (5 x RedLineStealer, 3 x Smoke Loader, 2 x CryptBot)
Reporter: openctibr
Tags: ArkeiStealer exe OpenCTI.BR Sandboxed

Intelligence

File Origin
# of uploads: 2
# of downloads: 142
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file
Reading critical registry keys
Creating a window
Stealing user critical data
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.RedLineStealer
Status: Malicious
First seen: 2022-07-01 17:43:00 UTC
File Type: PE (Exe)
Extracted files: 10
AV detection: 23 of 26 (88.46%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:vidar botnet:1448 stealer
Behaviour
Modifies system certificate store
Vidar Stealer
Vidar
Malware Config
C2 Extraction:
https://t.me/ch_inagroup
https://mastodon.social/@olegf9844e
Unpacked files
SHA256 hash: 3fd144b1df08dd9e3a157a35a9cfee34265b950337367ecafc5d14090818bd61
MD5 hash: 663181e1d62882de03fb57f1cadb4fe1
SHA1 hash: bd6d71724f146e5adbddec18d968247d504998c8
SHA256 hash: 045e5ff06628f4d38cdcf2f09b51f122691c3c012fe4f1277a414e71c1dc1168
MD5 hash: 63359a020580f04f5c0d0a7893e8ed66
SHA1 hash: bba579eca8d55050f2eefdfdb6935eb8aa167be5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: ArkeiStealer
File type: Executable exe
SHA256 hash: 045e5ff06628f4d38cdcf2f09b51f122691c3c012fe4f1277a414e71c1dc1168 (this sample)

Delivery method: Distributed via web download