MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22e463d29590a7485292819597991bcd06bf8ceceebf567c955f294dc542711a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 22e463d29590a7485292819597991bcd06bf8ceceebf567c955f294dc542711a
SHA3-384 hash: 7053ea7a4f3183218e8deab500307d4cbc1c7f66a54909bbee91df1036050a14a38903401aea08761dab4bcb14f7c37b
SHA1 hash: 8d4e1c37d3cee528d4cc43f33aa001ce5ac5e3c9
MD5 hash: 88d5c0bff7ccbc87e94adf5aed73e1d9
humanhash: nitrogen-aspen-ohio-fanta
File name:88d5c0bff7ccbc87e94adf5aed73e1d9.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:355'328 bytes
First seen:2022-04-17 13:38:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8b6d31eba88527d4f4f120105ce69847 (1 x CoinMiner, 1 x ArkeiStealer)
ssdeep 6144:XuMrAaXo49OBtATROMX6t6SOMemV1rPJVXUw0kigax:XuaXl9OBtA1OMKzkmV1zbkw0B
Threatray 399 similar samples on MalwareBazaar
TLSH T15774AD6176E0C431D1A25E305835DFB01A7FBC226974914BE3E4EB1E6E727819AB132F
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 480c1c4c4f594b14 (172 x Smoke Loader, 134 x RedLineStealer, 98 x Amadey)
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
330
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/264200/
Detection(s):
Win.Dropper.Tofsee-9916206-0
Create hunting rule

Win.Malware.Filerepmalware-9941437-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching the default Windows debugger (dwwin.exe)
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/14093/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/625c184affe27d5119f3c5b8/reports/9568982c-1b21-4bd4-aaf0-af0e8a0a45b3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Oski Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a06c9dc6-43e0-49f4-8963-f5724868b34e
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/977879
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/22e463d29590a7485292819597991bcd06bf8ceceebf567c955f294dc542711a/
Threat name:
Win32.Trojan.Raccrypt
Create hunting rule
Status:
Malicious
First seen:
2022-04-17 13:39:05 UTC
File Type:
PE (Exe)
Extracted files:
45
AV detection:
23 of 26 (88.46%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
03989d0af03476f5611d18e2e8f6706be0d542707336c2b426035c78335f1328
ArkeiStealer
088e9030bc73a47f4deeef9a332690a9568907a1858c5d957924a85b90fbc88a
ArkeiStealer
18a51631909a8b72c610fa2b7640530cbe0dbfcc73a8e84af917fa797dded717
ArkeiStealer
2a13b3b4e815d3856fb26b89dbcfb06a5b025db7f4c0e398ccdbc4477e3d2f58
ArkeiStealer
499656d285442a548d0f0356a414b5c50b7bd7815db52e845cf8729cd4bcc9bc
ArkeiStealer
5760219348f8e2b162a4ed4c764d9d8c7333b2af9e97e1d437ff21a3da0e1061
ArkeiStealer
63fed261af5fb2e1eb439256eba9b6f96bbb9e2ee97c7f8211c5f60992f5a7e0
ArkeiStealer
b2052d38af422bd9e54927e9d4606942e5f7da8c968ce7f441c62f9f49532a99
ArkeiStealer
c73fbcd3422e85b23bfa0e2d65ee0b35ecb344c7f1fe4d2827e45339137b356c
ArkeiStealer
de147d635d7404111032d34845dd05eddc00ae6ecf0814d89eed3c6a81c06629
ArkeiStealer
+ 389 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei botnet:default spyware stealer
Link:
https://tria.ge/reports/220417-qxyt6ahgg3/
Behaviour
Program crash
Reads user/profile data of web browsers
Arkei
Malware Config
C2 Extraction:
http://45.138.157.138/ZSnH91i5Xb.php
Unpacked files
SH256 hash:
66569bcb872c2246b15615cc0ad36397e72b8c2234db9aa080a350f07ce5fa42
MD5 hash:
df0cc31a8e502b69fa635f8bbef6b8e2
SHA1 hash:
2e43f2fcff3fc9014084da36a5021c7730dc620f
Link:
https://www.unpac.me/results/056d3615-13d6-40d9-b8aa-230a617fc08c/
SH256 hash:
22e463d29590a7485292819597991bcd06bf8ceceebf567c955f294dc542711a
MD5 hash:
88d5c0bff7ccbc87e94adf5aed73e1d9
SHA1 hash:
8d4e1c37d3cee528d4cc43f33aa001ce5ac5e3c9
Link:
https://www.unpac.me/results/056d3615-13d6-40d9-b8aa-230a617fc08c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/22e463d29590a7485292819597991bcd06bf8ceceebf567c955f294dc542711a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 22e463d29590a7485292819597991bcd06bf8ceceebf567c955f294dc542711a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2136382/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/264200/

Comments