MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11a69bfb8a93253c13d7e6754d99a3bbedf0dc16d8b81b7ab1a2e8dc9a628bbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	11a69bfb8a93253c13d7e6754d99a3bbedf0dc16d8b81b7ab1a2e8dc9a628bbf
SHA3-384 hash:	2b9a16f7f88332b0c907358c58772bf0eec9c259bc322f7f067c44cd73ff4cd6b031f53ccf832dd560083722a691ec9e
SHA1 hash:	79880821d7c0c7503af289fb210107fb7cac2ccb
MD5 hash:	c6eb2ef8d00fcebf74253064a4da862e
humanhash:	sweet-nine-summer-venus
File name:	c6eb2ef8d00fcebf74253064a4da862e.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	303'616 bytes
First seen:	2022-03-28 08:05:20 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1690f0efc188c620ac36940e114b98ae (4 x DanaBot, 3 x Stop, 1 x SystemBC)
ssdeep	6144:xqibQafj9tP30ZFEMUhuiBgzweH8Jop+D2iXs:xqibQafPPam4PRqxCiX
Threatray	452 similar samples on MalwareBazaar
TLSH	T1CB54DF323596C833F62602B15C16C770AA7B7C3519719A8B3BC9296D5F323E3DE6530A
File icon (PE):
dhash icon	5c599a3ce0c1c850 (36 x RedLineStealer, 27 x Stop, 21 x Smoke Loader)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

# of downloads :

195

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/258492/

Detection(s):

Win.Packed.Strab-9942213-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/11750/overview

Behaviour

SystemUptime

MeasuringTime

CheckCmdLine

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/62416c6d9253b276b78d6e4f/reports/b4a5f9ca-51be-40a1-bd4c-88e7b4e90d83/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Oski Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/68e1dcf1-aafd-4997-adc9-1f0b2084ee21

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/965599

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found evasive API chain (may stop execution after checking computer name)

Found evasive API chain (may stop execution after checking locale)

Found evasive API chain (may stop execution after checking mutex)

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Yara detected Vidar stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/11a69bfb8a93253c13d7e6754d99a3bbedf0dc16d8b81b7ab1a2e8dc9a628bbf/

Threat name:

Win32.Trojan.Raccrypt

Status:

Malicious

First seen:

2022-03-28 08:24:02 UTC

AV detection:

24 of 26 (92.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cgtjx64ksmstye6x4z2u3gndxpw7bxaw3c4bw6vrulunzgtcro7q._file

Verdict:

malicious

ArkeiStealer

80eb939dd66ed675ede99db5fd93226b65b82e34ec7d62d71381c34ade23f38b

ArkeiStealer

8353b4f27d55239e6935b1c122da96621ee66b0915750ed9b0b5a0b50f1d9b0d

ArkeiStealer

9566b358245b9df4740c0c8b23518199f8fce7684ec3d6011f6ea2218c95763b

ArkeiStealer

a3f3ecdc47707e721e469b9ef8ebdd3f53148dad6a6148f2410efc0a2e2dab58

ArkeiStealer

ab787c1c75509f4cfe8d221accef6e65fda11d2b4210d90fe864c214f084641a

ArkeiStealer

b87aa7761376e5586690175051d35ab54fdfef30ffe8dccd992830aa854bdc35

ArkeiStealer

c5b4412dc2ecb3b2f17edaa6df61f122243166cd2429f6f54536075caa760661

ArkeiStealer

+ 442 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei botnet:default stealer

Link:

https://tria.ge/reports/220328-jzd47sdcfj/

Behaviour

Program crash

Arkei

Malware Config

C2 Extraction:

http://coin-file-file-19.com/tratata.php

Unpacked files

SH256 hash:

111da7f642344fa280703ce8223a4543171b0a9422f8c1d50bd5d4cb90c54840

MD5 hash:

6d15db437bc71c183dd9604829a5354b

SHA1 hash:

a0bbf5585eea01ef056a3a76d8975f6f585d7d01

Link:

https://www.unpac.me/results/95ab7fc2-e8c6-4c35-be89-5df74c6fa23a/

SH256 hash:

11a69bfb8a93253c13d7e6754d99a3bbedf0dc16d8b81b7ab1a2e8dc9a628bbf

MD5 hash:

c6eb2ef8d00fcebf74253064a4da862e

SHA1 hash:

79880821d7c0c7503af289fb210107fb7cac2ccb

Link:

https://www.unpac.me/results/95ab7fc2-e8c6-4c35-be89-5df74c6fa23a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/11a69bfb8a93253c13d7e6754d99a3bbedf0dc16d8b81b7ab1a2e8dc9a628bbf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

exe 11a69bfb8a93253c13d7e6754d99a3bbedf0dc16d8b81b7ab1a2e8dc9a628bbf

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2063967/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/258492/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample