MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19338864f06ba621eb3543d3a00ca4297d140e270a7ed1af174b61449a128355. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 10


Intelligence 10 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 19338864f06ba621eb3543d3a00ca4297d140e270a7ed1af174b61449a128355
SHA3-384 hash: 1eca352b23b35391861ea4307f7b0de9a1538d31baba1f637131b3d9e8a23b626eb92f42e30d2f553cfab0938434cfad
SHA1 hash: 89da629358f5e7fd4da717a15fd72b74869af631
MD5 hash: 61f51370de492e1b8fd565c68aa3141d
humanhash: ten-kansas-florida-coffee
File name:61f51370de492e1b8fd565c68aa3141d.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:296'448 bytes
First seen:2022-07-31 03:15:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c28bffc2103bdca633066114a2d6df73 (1 x ArkeiStealer)
ssdeep 3072:2XLCcxe64ePsNCZybU+sHJ+9tscpxyPnezHR1G5IJBiLPro2VmxlQ6iP7xmX4nuB:etEv3sHMTHUWd1GKio0mzx+FmAE
Threatray 1'293 similar samples on MalwareBazaar
TLSH T110549D25B750D032E6A3243DAA9197F1C6AEBC317921515BFBE41A6DDDF12C2DA3030B
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:ArkeiStealer exe


Avatar
abuse_ch
ArkeiStealer C2:
http://62.204.41.126/

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://62.204.41.126/ https://threatfox.abuse.ch/ioc/839725/

Intelligence

File Origin
# of uploads :
1
# of downloads :
422
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/295313/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen3.20401.5055.274.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a file
Reading critical registry keys
Creating a window
Stealing user critical data
Sending an HTTP GET request to an infection source
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/27875/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware vidar windows zusy
Link:
https://www.filescan.io/uploads/62e5f46a5c07b66577de3f09/reports/45ddccde-6e5d-474c-bb54-ac34866c6891/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/179e097d-ef42-43ec-b920-1ba9f3d107d2
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1043700
Signature
Antivirus detection for URL or domain
Detected unpacking (creates a PE file in dynamic memory)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Self deletion via cmd or bat file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/19338864f06ba621eb3543d3a00ca4297d140e270a7ed1af174b61449a128355/
Threat name:
Win32.Infostealer.Convagent
Create hunting rule
Status:
Malicious
First seen:
2022-07-26 18:56:26 UTC
File Type:
PE (Exe)
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dezyqzhqnotcd2zvipj2adfeff6ridrhbj7ndlyxjnqujgqsqnkq._file
Verdict:
malicious
Similar samples:
15021b22e43f3522e7da1ba69256c9d9cda849794d44aa1e58cabc3282818362
ArkeiStealer
1a410b868da14ae4cbc2cbc68870ffcdc8a060aca06ee3b09bd356b9d27c814b
ArkeiStealer
2cbb7e317e749e0f4d7de7fd084f2217ac91bf13eeee072c004dde01b4c39b8f
ArkeiStealer
32fe263a8ffc6bc490c545d6394638347164e676a79e537037f8b0c9691194ef
ArkeiStealer
3427583e84dda3d92aab9f9b9050d7cfe9bcb43094acc08f02f0166f310702cc
ArkeiStealer
9bc8a9f52041123c3c471dd111a2ce0ee39eaf5e59d7949826d08601a3511f10
ArkeiStealer
aba02213b0f3c686aa3b4a32104cc1b95748ff3ec926d3030cfb5b88a9b930db
ArkeiStealer
ceff984891362aced0814217cae0a2d70980172e0f7a54adcb3c66cd3cd82704
ArkeiStealer
df0b62403f7a1e666b759a3c174141defe61e275263637729f56749f524a514c
ArkeiStealer
e2baec713e48b74764d044346e7170179b4b99f8e0d8692ccfda231002239b2f
ArkeiStealer
+ 1'283 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/220731-dsf3bsfacm/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Accesses 2FA software files, possible credential harvesting
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
19338864f06ba621eb3543d3a00ca4297d140e270a7ed1af174b61449a128355
MD5 hash:
61f51370de492e1b8fd565c68aa3141d
SHA1 hash:
89da629358f5e7fd4da717a15fd72b74869af631
Link:
https://www.unpac.me/results/d86b7156-0800-44ec-b323-b0a97d7a217c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/19338864f06ba621eb3543d3a00ca4297d140e270a7ed1af174b61449a128355

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/295313/

Comments