MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ee311c3f24397de3f6671b67a263206e78f8040f5ac2fc0182d0ee171c53228. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ee311c3f24397de3f6671b67a263206e78f8040f5ac2fc0182d0ee171c53228
SHA3-384 hash: c8e1b07d1686e7174ad0ea3b77d0b521372a63531141208dd13e40949b0b01333becbb9e3eec6d31dba227f03502c0b3
SHA1 hash: 610967eacd31cb61e20b200f7acf28f0fe85eacb
MD5 hash: 3a847162331f61073128ba1f5b46bf6a
humanhash: sweet-winner-california-lactose
File name:3a847162331f61073128ba1f5b46bf6a.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:5'303'613 bytes
First seen:2021-10-02 07:18:18 UTC
Last seen:2021-11-25 12:35:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c9adc83b45e363b21cd6b11b5da0501f (82 x ArkeiStealer, 60 x RecordBreaker, 46 x RedLineStealer)
ssdeep 98304:AAI+pNciwmJWA1Gf93IeEfaSzJFWVtrmJSRqIlGFEAWms+EnQQ4yva5:ntpKJAmOLfHotr8V+AW1nNlW
Threatray 3'233 similar samples on MalwareBazaar
TLSH T15E3633F8A482867BD86155724A4BD1AB7032BF481D2D14E7B1D10D3CBD6371A6EB23CB
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
setup_x86_x64_install.exe
Verdict:
Malicious activity
Analysis date:
2021-10-01 14:17:51 UTC
Tags:
trojan loader rat redline evasion stealer opendir unwanted netsupport amadey vidar
Link:
https://app.any.run/tasks/9d144ff3-7f0b-47bf-bda2-fa79900a43c0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/194149/
Detection(s):
SecuriteInfo.com.PSW.Generic8.ISF.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Delayed reading of the file
Creating a file in the %temp% subdirectories
Deleting a recently created file
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/540ac32d-11ae-4c89-ab8d-00e39dc42edc
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/863109
Signature
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Potentially malicious time measurement code found
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1ee311c3f24397de3f6671b67a263206e78f8040f5ac2fc0182d0ee171c53228/
Threat name:
Win32.Packed.FakeInstaller
Create hunting rule
Status:
Malicious
First seen:
2021-10-01 18:51:00 UTC
AV detection:
7 of 28 (25.00%)
Threat level:
  1/5
Verdict:
unknown
Similar samples:
0a823cbd6a32a10c927253fa40466c8a3177e487ee7895a8a2e244a9b4c415fc
ArkeiStealer
11adb6fd4fbcb8fe68033ff2bc3b8cc45b980c573f7c58be291383d5b95d6e41
ArkeiStealer
4df50c6d6d188c3413bdba53851cbeea7b281b92b0d5341c021a65912395fa5b
ArkeiStealer
62cf8452627f42cc0f5655a12ef386c720e11f2fd2ad7ec64ea821184ffacc65
ArkeiStealer
64565f657fa253edfad53f3cc7ab519382c6250fe47c75512650d50b379c2dad
ArkeiStealer
663d11c6a687961e8b5cda09b720a9511d972a9ea164cf8c385037a33eea53fa
ArkeiStealer
685933af075d310ddb454b399641cfdbf801441e5360df0e71204d63d2afc757
ArkeiStealer
e4243a2f49e119acbf11700c1c9f52b01414cbc2e31a60da0492ef984a0c73f9
ArkeiStealer
+ 3'223 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/211002-h5knhaeafk/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Executes dropped EXE
Unpacked files
SH256 hash:
c2376ffbb22fad41bffab949a46dd92fcad3bc6dbe36a910aa429aa05a328ee7
MD5 hash:
b02db1836c6789898af58874066274ab
SHA1 hash:
8a2164c260b0b9faf5bff77e4502599dc7a4ce58
Link:
https://www.unpac.me/results/0fea6694-c099-486c-b479-0098de39453e/
SH256 hash:
d1351e412ae2dff023fbab854017ed648adf642840edca13418ac2659bca85ff
MD5 hash:
d733eef84dbcf4fe3322505689885109
SHA1 hash:
4f21aa5738eedde3b35ec5fd492aef9773af7bcc
Link:
https://www.unpac.me/results/0fea6694-c099-486c-b479-0098de39453e/
SH256 hash:
1ee311c3f24397de3f6671b67a263206e78f8040f5ac2fc0182d0ee171c53228
MD5 hash:
3a847162331f61073128ba1f5b46bf6a
SHA1 hash:
610967eacd31cb61e20b200f7acf28f0fe85eacb
Link:
https://www.unpac.me/results/0fea6694-c099-486c-b479-0098de39453e/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/1ee311c3f243/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1ee311c3f24397de3f6671b67a263206e78f8040f5ac2fc0182d0ee171c53228

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 1ee311c3f24397de3f6671b67a263206e78f8040f5ac2fc0182d0ee171c53228

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1642815/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/194149/

Comments