MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1df55177a6326406d491cd9b6d4951392e565dd13e597836684468de6fec52f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1df55177a6326406d491cd9b6d4951392e565dd13e597836684468de6fec52f1
SHA3-384 hash: dd31874e0d8421ea2e2d21f96b1013e73fd8d1da2e1bdeea19ff65afdbbbf9c88e57bbfc1aaa2604cfbfc03625112a52
SHA1 hash: 4fd4567d7ab926154ba6fee9bb69aaaea87e96d5
MD5 hash: 43c100532467c5b634c1cd2f64683526
humanhash: east-hotel-texas-robert
File name:SecuriteInfo.com.Trojan.GenericKD.43244008.21361.20996
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:259'584 bytes
First seen:2020-06-05 10:35:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0278acc226fde5136b4fbe8f664bd675 (1 x ArkeiStealer)
ssdeep 6144:ZWDFUbPWLZm6tOpiM7J7lht2/nBwHkblmO9Qk8pxqcyi3Fzk:sSbSaRd9QnHbsO95OJI
Threatray 58 similar samples on MalwareBazaar
TLSH 57448EF3CB83880DD31A17786DBF4E65F3E816A8C816B2F7CE94C819A4FB4956885345
Reporter SecuriteInfoCom
Tags:ArkeiStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43244008.21361.20996.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Chapak
Create hunting rule
Status:
Malicious
First seen:
2020-05-30 07:08:00 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dx2vc55ggjsanverzwnw2skrhexfmxorhzmxqntiirun437mklyq._file
Verdict:
malicious
Similar samples:
1553300557f17e7cb62c914616267bc733854b98a0edc5215d901cc4f8e4d0f0
ArkeiStealer
1d1db9028a99d5ccfd2e898e61dd4c0fbd2b363934f0623aa9503280fa3229a9
ArkeiStealer
4ae1f055edea4c9667047ce00c62924d58278e47ca8262725a89ae5c77354eb1
ArkeiStealer
662df407f177b9d63dc16fe5c1068d65c8e1fbe602d05a7cae1db651179b746e
ArkeiStealer
69fe5bb4b975f9437b6c3bcf3f07dc807a8f2e848f1e0c5802012295b06a742c
ArkeiStealer
6f34fbbfbe526af81101fef3143797b2e5fddb2bb945c69e6ddd7dd7bf2cf7c7
ArkeiStealer
7a7f8f5b41981d22a64654a713d5dfdfbe6cb5e0778364a594fbaee25efc5425
ArkeiStealer
9c2eb5790e7874950db0e51764ba68bb4a0fa5be68b659717c73363883da0db7
ArkeiStealer
d0030a8a47fd678d6f9f2313fdeed1898fb667bcda9167215a90d64b7744d665
ArkeiStealer
f431b5b6dc04208fe9ffc89eafd94c92d1383857d17702240f14aa19f538b3aa
ArkeiStealer
+ 48 additional samples on MalwareBazaar
Result
Malware family:
oski
Create hunting rule
Score:
  10/10
Tags:
family:oski discovery infostealer spyware
Link:
https://tria.ge/reports/201109-g44qct9g2a/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Kills process with taskkill
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of web browsers
Oski
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_oski_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 1df55177a6326406d491cd9b6d4951392e565dd13e597836684468de6fec52f1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/381815/
  
Delivery method
Distributed via web download

Comments