MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cb539ae172b68b6116f7017b12a666b3e4fdb86130b10efff77c313696a02c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	1cb539ae172b68b6116f7017b12a666b3e4fdb86130b10efff77c313696a02c4
SHA3-384 hash:	4d68c72ebb64cb954fd723b044682fda4e037ad561c6c300b88109677b983d7c840a22f7758cb6c39ae4590df9a627fb
SHA1 hash:	615f20b076ae1eedf261f787f1ad9ee5de3c22dc
MD5 hash:	768cea2ba376a25d1b257fc387b18b44
humanhash:	tennis-mobile-snake-nitrogen
File name:	768cea2ba376a25d1b257fc387b18b44.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	257'024 bytes
First seen:	2022-03-26 15:59:40 UTC
Last seen:	2022-03-26 17:33:33 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	98af1336ee9a8378f1e2c2d0d9027760 (9 x Stop, 2 x Smoke Loader, 1 x RedLineStealer)
ssdeep	3072:OsKwyFGOjBfvmRGEmRsGtgGqBXtdi6305UKvw:T04iBGRGXOGqkUU
Threatray	479 similar samples on MalwareBazaar
TLSH	T1D944F1127B40C832C00398393765C2A0A67ED53107A797577AAB466F5F613D2BBF970B
File icon (PE):
dhash icon	5c599a3c60c3c850 (20 x RedLineStealer, 14 x Stop, 13 x Smoke Loader)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

# of downloads :

221

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/258053/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.39350419.25822.23620.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Launching the default Windows debugger (dwwin.exe)

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/11522/overview

Behaviour

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/623f38929253b276b77a4c4b/reports/a8da87a6-edf8-45de-95dc-2e36394c0da9/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Oski Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0f047e21-4be2-4e5a-b044-f74ff324d76d

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/965104

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found evasive API chain (may stop execution after checking computer name)

Found evasive API chain (may stop execution after checking locale)

Found evasive API chain (may stop execution after checking mutex)

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Vidar stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1cb539ae172b68b6116f7017b12a666b3e4fdb86130b10efff77c313696a02c4/

Threat name:

Win32.Trojan.Strab

Status:

Malicious

First seen:

2022-03-26 12:03:52 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 26 (73.08%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ds2ttlqxfnulmelpoal3cktgnm7e7w4gcmfrb377o7brg2lkalca._file

Verdict:

malicious

ArkeiStealer

9abfd615c63ff14217232d5e369aa9411b4f427c9195a814c68395ede43dfc20

ArkeiStealer

ab787c1c75509f4cfe8d221accef6e65fda11d2b4210d90fe864c214f084641a

ArkeiStealer

b601b8c369fb891bc3856cab793446efde8c685d4c2ef4b556fb35b46253ad7d

ArkeiStealer

b87aa7761376e5586690175051d35ab54fdfef30ffe8dccd992830aa854bdc35

ArkeiStealer

c5b4412dc2ecb3b2f17edaa6df61f122243166cd2429f6f54536075caa760661

ArkeiStealer

ed339c8353e7d9a9cc7cc4f5e20756eb6a27f6a9553f7c51d503ab83841d1ec8

ArkeiStealer

ee7bd39d4d29eb7d605e5ee83da5247cfe11e14f397a76d64bb781fcc29ef583

ArkeiStealer

+ 469 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei botnet:default stealer

Link:

https://tria.ge/reports/220326-tfrajaefb2/

Behaviour

Program crash

Arkei

Malware Config

C2 Extraction:

http://coin-file-file-19.com/tratata.php

Unpacked files

SH256 hash:

111da7f642344fa280703ce8223a4543171b0a9422f8c1d50bd5d4cb90c54840

MD5 hash:

6d15db437bc71c183dd9604829a5354b

SHA1 hash:

a0bbf5585eea01ef056a3a76d8975f6f585d7d01

Link:

https://www.unpac.me/results/3523533a-6850-480b-acc9-100d359e36ad/

SH256 hash:

1cb539ae172b68b6116f7017b12a666b3e4fdb86130b10efff77c313696a02c4

MD5 hash:

768cea2ba376a25d1b257fc387b18b44

SHA1 hash:

615f20b076ae1eedf261f787f1ad9ee5de3c22dc

Link:

https://www.unpac.me/results/3523533a-6850-480b-acc9-100d359e36ad/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1cb539ae172b68b6116f7017b12a666b3e4fdb86130b10efff77c313696a02c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

exe 1cb539ae172b68b6116f7017b12a666b3e4fdb86130b10efff77c313696a02c4

(this sample)

Cape

https://www.capesandbox.com/analysis/258053/

URLhaus

https://urlhaus.abuse.ch/url/2063967/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample