MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 20db7ae176f332d5e96b95d382909163dd3440b13eb6845e2d3fdb6ddeea2ff0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
ArkeiStealer
Vendor detections: 12
| SHA256 hash: | 20db7ae176f332d5e96b95d382909163dd3440b13eb6845e2d3fdb6ddeea2ff0 |
|---|---|
| SHA3-384 hash: | 204e779a4a0d72bbf29280586b945426d4def0b09a66d380c2de0b0d56733caeb04e8aa800863a29911e439fcd9c1f66 |
| SHA1 hash: | e05753938ec6d2e151309ddfc42e1634925f2d87 |
| MD5 hash: | 9be7ba9afcb345e57ed908bb4947ea01 |
| humanhash: | alanine-ceiling-florida-freddie |
| File name: | 9be7ba9afcb345e57ed908bb4947ea01 |
| Download: | download sample |
| Signature | ArkeiStealer |
| File size: | 670'720 bytes |
| First seen: | 2021-11-11 20:03:36 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 52f3cbaa89ec222f54fb6ad33fd12ebf (3 x RedLineStealer, 1 x ArkeiStealer) |
| ssdeep | 12288:z/eG1b0Dzgwy3FtmfbGAMWLZRKXcyJd3oK75inCXYhpEs:CZcFkf7LzKsQOIYh/ |
| Threatray | 617 similar samples on MalwareBazaar |
| TLSH | T104E4121072D1A53AE4B13F3064A1C6E16B67BF6261B01143E668672E2DF33D09BB6F17 |
| File icon (PE): |  |
| dhash icon | fcfcf4d4d4d4d8c0 (41 x RedLineStealer, 30 x RaccoonStealer, 9 x Smoke Loader) |
| Reporter |  zbetcheckin |
| Tags: | 32 ArkeiStealer exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Vidar
Detection(s):
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
coinminer glupteba greyware lockbit packed zbot
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Vidar
Verdict:
Malicious
Result
Threat name:
Vidar
Detection:
malicious
Classification:
troj.spyw
Score:
76 / 100
Signature
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Raccrypt
Status:
Malicious
First seen:
2021-11-11 20:04:06 UTC
AV detection:
29 of 45 (64.44%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
malicious
Similar samples:
+ 607 additional samples on MalwareBazaar
Result
Malware family:
vidar
Score:
10/10
Tags:
family:vidar botnet:1056 stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Vidar Stealer
Suspicious use of NtCreateProcessExOtherParentProcess
Vidar
Malware Config
C2 Extraction:
https://koyu.space/@rspich
Unpacked files
SH256 hash:
f5cac85d04107f890af3ea17e114ea4a0ecea26c213c6bbca2c16058816118d7
MD5 hash:
b031b4b986753b2be6cc209624089edb
SHA1 hash:
6df455ea78999b84e84c53fcb93197609a19cd99
SH256 hash:
20db7ae176f332d5e96b95d382909163dd3440b13eb6845e2d3fdb6ddeea2ff0
MD5 hash:
9be7ba9afcb345e57ed908bb4947ea01
SHA1 hash:
e05753938ec6d2e151309ddfc42e1634925f2d87
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.url : hxxp://file-file-host6.com/files/9431_1636644172_2842.exe