MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13a68e687d6f5afa19b1cb993f3402f93dfbd3f2d7cc782c1912453ce877d381. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 13a68e687d6f5afa19b1cb993f3402f93dfbd3f2d7cc782c1912453ce877d381
SHA3-384 hash: 6af47755b67d39a6b1196d2358d1cfec930f8338ed2d112265fd19c3cbaea2793c442be051697dfdfa629385eeaeb12f
SHA1 hash: 91c624f49334cda914b74f684cb5d7479283c178
MD5 hash: 3e8307ec4f41763c93622f351eba6774
humanhash: triple-artist-oscar-salami
File name:3e8307ec4f41763c93622f351eba6774.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:275'456 bytes
First seen:2022-03-22 18:49:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9b5dd8ae6c49e5fbd407dc1f346434cc (4 x RaccoonStealer, 2 x RedLineStealer, 2 x Stop)
ssdeep 3072:PZBfnKjgFj6tyoAmBBBLHRLBuisUz3IMgm3A5tjVp2B:BBvKjzhxLBPsC40sy
Threatray 920 similar samples on MalwareBazaar
TLSH T1EC44E0123741E632C4D360757829C3A16E3EB8311661CD473BD92B2E5E343D6BAF5B0A
File icon (PE):PE icon
dhash icon 5c59da3ce0c1c850 (36 x Stop, 33 x Smoke Loader, 26 x RedLineStealer)
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/255084/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.15476.31697.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/10480/overview
Behaviour
SystemUptime
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
EvasionGetTickCount
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/623a1aa1b94fb38cb4d0f151/reports/760ea552-8d77-446d-9af7-b678e1c12280/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Oski Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0d310f76-8e01-4cce-b86b-f4a3d3ead2ff
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/962067
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/13a68e687d6f5afa19b1cb993f3402f93dfbd3f2d7cc782c1912453ce877d381/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2022-03-22 18:50:21 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=coti42d5n5npugnrzomt6nac7e67xu7s27ghqlazcjctz2dx2oaq._file
Verdict:
malicious
Similar samples:
74afacc1e49302d3c5061cd9f1133fb89a4ddfb6da46d955a56b404bd6a3df66
ArkeiStealer
7b3477dd2631e4a11f269a2ce899821c89c65be7ea47a8486d6da48dbb94590b
ArkeiStealer
8353b4f27d55239e6935b1c122da96621ee66b0915750ed9b0b5a0b50f1d9b0d
ArkeiStealer
9abfd615c63ff14217232d5e369aa9411b4f427c9195a814c68395ede43dfc20
ArkeiStealer
b601b8c369fb891bc3856cab793446efde8c685d4c2ef4b556fb35b46253ad7d
ArkeiStealer
ee7bd39d4d29eb7d605e5ee83da5247cfe11e14f397a76d64bb781fcc29ef583
ArkeiStealer
+ 910 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei botnet:default discovery spyware stealer suricata
Link:
https://tria.ge/reports/220322-xgyyjsdbbl/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks computer location settings
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Arkei
suricata: ET MALWARE Win32/Arkei Stealer CnC Checkin (GET)
suricata: ET MALWARE Win32/Arkei Stealer CnC Checkin (POST)
Malware Config
C2 Extraction:
http://coin-file-file-19.com/tratata.php
Unpacked files
SH256 hash:
111da7f642344fa280703ce8223a4543171b0a9422f8c1d50bd5d4cb90c54840
MD5 hash:
6d15db437bc71c183dd9604829a5354b
SHA1 hash:
a0bbf5585eea01ef056a3a76d8975f6f585d7d01
Link:
https://www.unpac.me/results/51fce2c9-17bc-4fd9-8ad4-542abb3aee11/
SH256 hash:
13a68e687d6f5afa19b1cb993f3402f93dfbd3f2d7cc782c1912453ce877d381
MD5 hash:
3e8307ec4f41763c93622f351eba6774
SHA1 hash:
91c624f49334cda914b74f684cb5d7479283c178
Link:
https://www.unpac.me/results/51fce2c9-17bc-4fd9-8ad4-542abb3aee11/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/13a68e687d6f5afa19b1cb993f3402f93dfbd3f2d7cc782c1912453ce877d381

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 13a68e687d6f5afa19b1cb993f3402f93dfbd3f2d7cc782c1912453ce877d381

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2063967/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/255084/

Comments