MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14c363745d3c4020052fff93521851d3fedbed4b55832373729e2c4cec5b2bc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 8

SHA256 hash: 14c363745d3c4020052fff93521851d3fedbed4b55832373729e2c4cec5b2bc7
SHA3-384 hash: 43a37a4907fb5938567469874397b4cd42a153b98aa9976a8b801e36cdd907f27a7fd86d81bb088cc126cf5d24c8b3de
SHA1 hash: 11dc6d0965e5d85b61dcb5a214d1ce2080f804e9
MD5 hash: 8e4639500eac5465dc0475be84156667
humanhash: september-missouri-angel-sweet
File name: 8E4639500EAC5465DC0475BE84156667.exe
Signature: ArkeiStealer
File size: 3'938'203 bytes
First seen: 2021-06-08 07:06:50 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 32569d67dc210c5cb9a759b08da2bdb3 (122 x RedLineStealer, 42 x DiamondFox, 37 x RaccoonStealer)
ssdeep: 98304:xzCvLUBsgDAFcgEYkwZEtxdg2oRTM4ZV1QQH/dsQwjeRhwIm7:xILUCgDAOgEYkHLiNZDQQHlRw6RC9
Threatray: 40 similar samples on MalwareBazaar
TLSH: 200633A03AFA85F6E7421A709D886F7B52F4C758073405A77F24C6886B3DCA58537E0E
Reporter: abuse_ch
Tags: ArkeiStealer exe
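Two things a practitioner does with the record above are worth showing in code: verifying that a downloaded copy really is this sample (all four hashes must match, not just MD5), and understanding what the imphash pivot means. The imphash here is shared with 122 RedLineStealer, 42 DiamondFox and 37 RaccoonStealer samples; with the sample tagged aspackv2 and matched by INDICATOR_EXE_Packed_ASPack further down the page, that is the expected behaviour when the import table seen by the hash belongs to the packer stub rather than the payload, so the pivot leads to other ASPack-packed samples, not to Arkei specifically. The example below is added here and is not code from MalwareBazaar or abuse.ch; the expected hashes are copied from the record, while the import list used for the imphash demonstration is a constructed, illustrative packer-stub import set, not one extracted from this sample (real use would read the import table with a PE parser such as pefile, which is not exercised here).

```python
"""Verify a sample against the MalwareBazaar record and compute an imphash.

Added example, not part of the MalwareBazaar page or abuse.ch tooling.
EXPECTED is copied from the record; PACKER_STUB is a constructed import
list used only to illustrate why packed samples share an imphash.
"""
import hashlib

# Hashes copied from the MalwareBazaar record for this sample.
EXPECTED = {
    "sha256": "14c363745d3c4020052fff93521851d3fedbed4b55832373729e2c4cec5b2bc7",
    "sha3_384": "43a37a4907fb5938567469874397b4cd42a153b98aa9976a8b801e36cdd907f27a7fd86d81bb088cc126cf5d24c8b3de",
    "sha1": "11dc6d0965e5d85b61dcb5a214d1ce2080f804e9",
    "md5": "8e4639500eac5465dc0475be84156667",
}

# Constructed (hypothetical) packer-stub import table: a few loader APIs, in
# the order they appear in the import directory. Not extracted from the sample.
PACKER_STUB = [
    ("KERNEL32.DLL", "GetProcAddress"),
    ("KERNEL32.DLL", "GetModuleHandleA"),
    ("KERNEL32.DLL", "LoadLibraryA"),
]


def compute_hashes(data: bytes) -> dict:
    """Digest in-memory bytes with every algorithm the record lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as compute_hashes but streams a file so large samples fit in memory."""
    digests = {name: hashlib.new(name) for name in EXPECTED}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in digests.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in digests.items()}


def verify(data: bytes, expected: dict = EXPECTED) -> list:
    """Return the names of algorithms whose digest does NOT match.

    An empty list means every listed hash matched. Comparing all of them,
    rather than MD5 alone, defends against a collided or mislabelled copy.
    """
    actual = compute_hashes(data)
    return sorted(name for name, value in expected.items()
                  if actual[name] != value.lower())


def imphash(imports) -> str:
    """Import hash as popularised by Mandiant and implemented in pefile.

    imports: iterable of (dll_name, function_name_or_ordinal) in import-table
    order. DLL names are lowercased and a .dll/.ocx/.sys suffix is dropped;
    function names are lowercased; integer ordinals become 'ordN'. pefile also
    maps some well-known ordinals (ws2_32, oleaut32) back to names, which is
    omitted here. The result is MD5 over the comma-joined 'dll.func' strings,
    so two payloads wrapped in the same packer stub hash identically.
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Usage: python verify_sample.py <path-to-unpacked-sample>
        digests = hash_file(sys.argv[1])
        bad = [n for n, v in EXPECTED.items() if digests[n] != v]
        print("all hashes match" if not bad else f"MISMATCH: {bad}")
    print("stub imphash:", imphash(PACKER_STUB))
```

Because only the order and names of imports feed the hash, an unpacked payload from this sample will have a different imphash from the packed file on the record; compare unpacked artefacts against unpacked artefacts when pivoting.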


Reporter comment (abuse_ch):
ArkeiStealer C2:
195.133.47.9:80

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                      ThreatFox reference
195.133.47.9:80          https://threatfox.abuse.ch/ioc/67395/
http://185.99.133.218/   https://threatfox.abuse.ch/ioc/67932/
162.55.55.250:80         https://threatfox.abuse.ch/ioc/67974/
80.92.206.22:80          https://threatfox.abuse.ch/ioc/68028/
185.215.113.204:23302    https://threatfox.abuse.ch/ioc/68044/
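The IOC table mixes two shapes, ip:port pairs and a bare URL, so before feeding it to a log search the entries need normalising to a common endpoint form. The script below is an added example, not ThreatFox or MalwareBazaar code: it copies the five IOCs and their references from the table above, constructs a handful of hypothetical flow-log lines (the log format is invented for the demonstration), and reports which lines hit. The URL IOC is given its scheme's default port so it can be compared with a flow record; the `host_only` switch shows the trade-off between exact ip:port matching and flagging any port on an IOC host.

```python
"""Match the ThreatFox IOCs from this entry against network log lines.

Added example, not code from MalwareBazaar, ThreatFox or abuse.ch. IOCS is
copied from the entry's IOC table; SAMPLE_LOG and its format are constructed
for the demonstration and are not real telemetry.
"""
import re
from urllib.parse import urlsplit

# IOC -> ThreatFox reference, copied from the IOC table of this entry.
IOCS = {
    "195.133.47.9:80": "https://threatfox.abuse.ch/ioc/67395/",
    "http://185.99.133.218/": "https://threatfox.abuse.ch/ioc/67932/",
    "162.55.55.250:80": "https://threatfox.abuse.ch/ioc/67974/",
    "80.92.206.22:80": "https://threatfox.abuse.ch/ioc/68028/",
    "185.215.113.204:23302": "https://threatfox.abuse.ch/ioc/68044/",
}

# Constructed (hypothetical) flow records: "<ts> <src_ip> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_LOG = [
    "2021-06-08T07:10:01Z 10.0.0.5 -> 195.133.47.9:80 tcp",
    "2021-06-08T07:10:03Z 10.0.0.5 -> 8.8.8.8:53 udp",
    "2021-06-08T07:10:09Z 10.0.0.5 -> 185.215.113.204:23302 tcp",
    "2021-06-08T07:10:12Z 10.0.0.5 -> 185.99.133.218:80 tcp",
    "2021-06-08T07:10:15Z 10.0.0.7 -> 162.55.55.250:443 tcp",
    "this line is not in the expected format",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[0-9.]+):(?P<port>\d+) (?P<proto>\S+)$"
)

SCHEME_PORTS = {"http": 80, "https": 443}


def normalise_ioc(ioc: str):
    """Reduce an IOC string to a (host, port) endpoint.

    ThreatFox lists both ip:port pairs and URLs; a URL with no explicit port
    is given its scheme default so it can be compared with a flow record.
    """
    if "://" in ioc:
        u = urlsplit(ioc)
        return u.hostname, u.port or SCHEME_PORTS[u.scheme]
    host, _, port = ioc.rpartition(":")
    return host, int(port)


def build_index(iocs: dict):
    """Return two lookups: (host, port) -> reference and host -> reference."""
    by_endpoint, by_host = {}, {}
    for ioc, ref in iocs.items():
        host, port = normalise_ioc(ioc)
        by_endpoint[(host, port)] = ref
        by_host[host] = ref
    return by_endpoint, by_host


def scan_log(lines, index, host_only: bool = False) -> list:
    """Return hits for flows whose destination matches an IOC.

    host_only=False matches ip AND port exactly (few false positives).
    host_only=True also flags any port on an IOC host, which catches a C2
    that moved ports but will fire on shared hosting.
    """
    by_endpoint, by_host = index
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        dst, port = m["dst"], int(m["port"])
        ref = by_endpoint.get((dst, port))
        if ref is None and host_only:
            ref = by_host.get(dst)
        if ref is not None:
            hits.append({"src": m["src"], "dst": f"{dst}:{port}", "ref": ref, "line": line})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, build_index(IOCS)):
        print(f"{hit['src']} -> {hit['dst']}  {hit['ref']}")
```

With exact matching the flow to 162.55.55.250:443 is not reported, because the ThreatFox entry is for port 80 only; enabling `host_only` reports it. Which mode is right depends on whether the IOC host is dedicated attacker infrastructure or shared hosting, which the record does not tell you.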

Intelligence


File Origin
# of uploads: 1
# of downloads: 169
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 8E4639500EAC5465DC0475BE84156667.exe
Verdict: No threats detected
Analysis date: 2021-06-08 07:53:40 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Searching for the window
Sending a custom TCP request
DNS request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: troj
Score: 80 / 100
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Performs DNS queries to domains with low reputation
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2021-05-31 18:39:00 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: aspackv2
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Enumerates physical storage devices
Program crash
Loads dropped DLL
ASPack v2.12-2.42
Executes dropped EXE
Unpacked files

SHA256 hash: 9f319dab97c8bc89cd3c9333d5aa1d410411d9ff704e6456c98ca287cf937e13
MD5 hash: a4ffed759efd8d98e53520687a6fa82f
SHA1 hash: 4eb61789626a471149624eec88e9bb85bf9fd09f

SHA256 hash: b83a3f1d52c264c505a24d96946aa60ae043568adf4cb3199382b1bcf4f7b58f
MD5 hash: f2d6d33b2e56bde73afb7082d13911d9
SHA1 hash: d4f4a0ef3cad7e03c66635b401e1dff4d5641893

SHA256 hash: e8a7fc6bd7f99422c622992247b4142b2df64ed7b0f87cd2bc2c6eac099b0f41
MD5 hash: 2a0f0ae3216ebd6c08efaf6c80e1d2ed
SHA1 hash: bd10ae9bb9ca1820e17b2a81651d50cddfb7f325

SHA256 hash: 26612f977e601dce9dd60308e2098f2730249373050586f7dba403219e4745e3
MD5 hash: 2e68836764fe610204084e712b15cdd0
SHA1 hash: a39af6ae81d3801f6c3579347351e35f5747dfe6

SHA256 hash: eb3691d3a707c8b1d5b45402ef3344d7e6388eaac64065a13cf5c9afa53a2b01
MD5 hash: 3038ae600c1657fad2fdc1a3072820d2
SHA1 hash: 6a855667f0219302dbe1ab2c80feb56c8822051b

SHA256 hash: 28020c8e7fccc47fcf37896f6828b3f978fc946764fc8b416a088b65ff166860
MD5 hash: f9aa38507c2fe82e4186b7bc25e1b093
SHA1 hash: 3021547606460a99fe8391ff0a932d8df8601842

SHA256 hash: 16475b2a669b3861115e4d166097006d9a523b4e73be8446efc166fdee8174f3
MD5 hash: 6024b3fd3069c2492fdc0b22626cf78c
SHA1 hash: 2e2ca98c9e2f9f8b41557c1bda11fc27ff8f5804

SHA256 hash: 48dcd9dd2293c0eb836460916be8bcf08d20191e1af9851ff5bc75b7344eb905
MD5 hash: 2db518688116cdd0bf10081244f4dc66
SHA1 hash: 26f13e8c836ed665440547a5053583a4d20185cf

SHA256 hash: 08e7bd0f28b7ce09922bf6551be3475075594da2343352dfa547b2dc601603e5
MD5 hash: 86e3a2e9d9bf3df4d5fec1f0b7074b02
SHA1 hash: 2315e22fe1fe767a29f4e98844c9307019075803

SHA256 hash: bf523c21caa9dad41c5ae81df03e46fce44989267753de4d7811697de264086f
MD5 hash: 3592100ce6c2805560a3ba6feb26ab0f
SHA1 hash: 1f40fc5d1b6d51fa26609743dfa74f1df6d85df3

SHA256 hash: e427f8ef21691e3d8c2313d11129ad08ddef69a158eca2f77c170603478ff0c4
MD5 hash: 0dedd909aae9aa0a89b4422106310e9e
SHA1 hash: 271d36afa5b729ee590cf8066166ca5e9c9d0340

SHA256 hash: b0db2125ca1e06878a03c3051e459532cf9f61a7266ed11ec5c30ea63558aa46
MD5 hash: d96d1e3735bfb894fbb14533b1b85886
SHA1 hash: e97e1648609e47314e3a3431a11bc25ad4b30b73

SHA256 hash: dd76dacb4cf77726e95ed79f9ca5a56e878da89902c0eacb7c146e40122549b3
MD5 hash: c4d8e5ea0d18d418c41145116ff52fe4
SHA1 hash: 00fe4def6d8e3a9fbec9ca61096d5457804dcf12

SHA256 hash: 57f0733d2875a538ff7664461a55b9bdd234781c9fa3f3c3b3525d1574e153bd
MD5 hash: 2ec6577edbdeb5abcb2c8a19c6adf9cb
SHA1 hash: 46b35a90004b9cad525042ce19c9a7bf83ca0cab

SHA256 hash: 38859f922241e0a0460f62d01b5febffced68b086619fad78dded8dcb4588e11
MD5 hash: 76cd523da200a0d1972a7d19109a0d15
SHA1 hash: 7b07dcc3942b69bc05d3e95b791aa1bb5ec33575

SHA256 hash: 7bf855ed4e48edbc8a707d5def39cdc15075dc748ee0db7b4ef17796f29eb6c7
MD5 hash: 76dd1c38cdc00f973b79adcd96d44e31
SHA1 hash: 001167595e8cce354811061ab5b6c68c2abe4723

SHA256 hash: 77b2d8b562ab60f4ce2ca009640bc272f31ce5c405ec7bcce3f85d8f629be0a8
MD5 hash: 8877fcc22497e8e64735528ad5dfb783
SHA1 hash: 37e6cb6b3b8a9a98f8ec366c725125b57f13df9d

SHA256 hash: e831df1e9c9c31f1fe3202cba7b868a033d78e5e64c8898e3e43fcdbfd7391f4
MD5 hash: 1b781a5db84857977d4d66d04ec26bb6
SHA1 hash: f3ae793bb1bc4208f1cc0e4dbd55c38b1a616030

SHA256 hash: 08b6729a86f29dd04f4025019ad24a104e8cc34aad99e76820931cd03ce11ce2
MD5 hash: 0eaa908f4840606aebdcbcd1a42db0e3
SHA1 hash: ff55e5d49ec66270774c601c3d86ec9a0a88d8ce

SHA256 hash: f7a22d383fb7c74e0e9b4b3907eeaf44acae4fe4a741face453d107eadd9ccfe
MD5 hash: aabc7a3044ba7ea1594c0eab199d9547
SHA1 hash: 8d4143739f9c32c66ad6ac096cec8b6725f20218

SHA256 hash: 9a9a50f91b2ae885d01b95069442f1e220c2a2a8d01e8f7c9747378b4a8f5cfc
MD5 hash: 957460132c11b2b5ea57964138453b00
SHA1 hash: 12e46d4c46feff30071bf8b0b6e13eabba22237f

SHA256 hash: 36d4445c2dfc10d24dc706f7a295973196f7a9d61dc87ee3cd0354c3f0394408
MD5 hash: 6419081ab1062b2a7ff3ed7f9c847658
SHA1 hash: fa6c1bd495ecda6f0f9628ecf391a9767303c8a8

SHA256 hash: 038968d05589695ba0e816adede023dc9104d4d37be79c0c5a323f67a46e3c25
MD5 hash: b42a282ae12881cd90b1ed75155dae09
SHA1 hash: 5e50cc85c83fc3dbd73e432edd764fbb7860279e

SHA256 hash: 14c363745d3c4020052fff93521851d3fedbed4b55832373729e2c4cec5b2bc7
MD5 hash: 8e4639500eac5465dc0475be84156667
SHA1 hash: 11dc6d0965e5d85b61dcb5a214d1ce2080f804e9
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed. Because rules also run over process dumps and many of the hits listed here are broad indicator or hunting rules, a family-specific rule firing is not attribution on its own: this sample matches rules written for RedLine (MALWARE_Win_RedLine, redline_stealer), DanaBot (MALWARE_Win_DanaBot) and HyperBro (MALWARE_Win_HyperBro03) as well as the Vidar/ArkeiStealer rules (MALWARE_Win_Vidar, Vidar, win_vidar_auto); only the latter are consistent with the signature on this entry.

Rule name: Chrome_stealer_bin_mem
Author: James_inthe_box
Description: Chrome in files like avemaria

Rule name: Email_stealer_bin_mem
Author: James_inthe_box
Description: Email in files like avemaria

Rule name: hunt_skyproj_backdoor
Author: SBousseaden
Reference: https://unit42.paloaltonetworks.com/unit42-prince-persia-ride-lightning-infy-returns-foudre/

Rule name: INDICATOR_EXE_Packed_ASPack
Author: ditekSHen
Description: Detects executables packed with ASPack

Rule name: INDICATOR_SUSPICIOUS_Binary_References_Browsers
Author: ditekSHen
Description: Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name: INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Author: ditekSHen
Description: Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers

Rule name: INDICATOR_SUSPICIOUS_EXE_References_CryptoWallets
Author: ditekSHen
Description: Detects executables referencing many cryptocurrency mining wallets or apps. Observed in information stealers

Rule name: INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients
Author: ditekSHen
Description: Detects executables referencing many file transfer clients. Observed in information stealers

Rule name: INDICATOR_SUSPICIOUS_EXE_Referenfces_Messaging_Clients
Author: ditekSHen
Description: Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name: INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Author: ditekSHen
Description: Detects executables containing SQL queries to confidential data stores. Observed in infostealers

Rule name: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePasswor
Author: ditekSHen
Description: Detects PowerShell content designed to retrieve passwords from host

Rule name: INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Author: ditekSHen
Description: Detect executables with stomped PE compilation timestamp that is greater than local current time

Rule name: INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Author: ditekSHen
Description: Detect executables with stomped PE compilation timestamp that is greater than local current time

Rule name: INDICATOR_SUSPICOIUS_WindDefender_AntiEmaulation
Author: ditekSHen
Description: Detects executables containing potential Windows Defender anti-emulation checks

Rule name: Keylog_bin_mem
Author: James_inthe_box
Description: Contains Keylog

Rule name: MALWARE_Win_DanaBot
Author: ditekSHen
Description: Detects DanaBot variants

Rule name: MALWARE_Win_HyperBro03
Author: ditekSHen
Description: Hunt HyperBro IronTiger / LuckyMouse / APT27 malware

Rule name: MALWARE_Win_RedLine
Author: ditekshen
Description: Detects RedLine infostealer

Rule name: MALWARE_Win_Vidar
Author: ditekSHen
Description: Detects Vidar / ArkeiStealer

Rule name: pe_imphash

Rule name: Ping_Del_method_bin_mem
Author: James_inthe_box
Description: cmd ping IP nul del

Rule name: redline_stealer
Author: jeFF0Falltrades
Description: This rule matches unpacked RedLine Stealer samples and derivatives (as of APR2021)

Rule name: Select_from_enumeration
Author: James_inthe_box
Description: IP and port combo

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

Rule name: Stealer_word_in_memory
Author: James_inthe_box
Description: The actual word stealer in memory

Rule name: Steam_stealer_bin_mem
Author: James_inthe_box
Description: Steam in files like avemaria

Rule name: suspicious_packer_section
Author: @j0sm1
Description: The packer/protector section names/keywords
Reference: http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

Rule name: SUSP_XORed_MSDOS_Stub_Message
Author: Florian Roth
Description: Detects suspicious XORed MSDOS stub message
Reference: https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings

Rule name: Telegram_stealer_bin_mem
Author: James_inthe_box
Description: Telegram in files like avemaria

Rule name: UAC_bypass_bin_mem
Author: James_inthe_box
Description: UAC bypass in files like avemaria

Rule name: Vidar
Author: kevoreilly
Description: Vidar Payload

Rule name: win_vidar_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

Rule name: with_sqlite
Author: Julian J. Gonzalez <info@seguridadparatodos.es>
Description: Rule to detect the presence of SQLite data in raw image
Reference: http://www.st2labs.com

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments