MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 2eabd0638c8ecdfc5c19c1523c72536c4697916e54236f55c2fe8197a850bd62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
ArkeiStealer
Vendor detections: 4
| SHA256 hash: | 2eabd0638c8ecdfc5c19c1523c72536c4697916e54236f55c2fe8197a850bd62 |
|---|---|
| SHA3-384 hash: | e5852b6289e4d2873230abee3a083fe3dbbfca7c88401658f88539b79d6d205e1ef546236f82f2402d4e4749be46562c |
| SHA1 hash: | ae8bc17ab9e8cda46587621901d1d4d3ab938816 |
| MD5 hash: | c6468dd91c2fceeba8e0f2cd784739c3 |
| humanhash: | angel-oregon-india-august |
| File name: | GuardiansOfThrone_Launcher.zip |
| Signature | ArkeiStealer |
| File size: | 16'675'000 bytes |
| First seen: | 2022-12-01 17:54:39 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 196608:cwVnwhRoypFTBlfyVmMvKdtJ5ReQ0flauLI2GorFcqftN4w8xoFxr4og/c/Kevmr:fVnwLrDGKla5dLI+r7n8xC4oxzgy8 |
| TLSH | T1EDF633DDDEE34ECBCC40A130C2721BA027D8D460B818AD67BBB0575A8CBF695D89749D |
| TrID | 80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1) |
| Reporter | |
| Tags: | exe FakeGOTT file-pumped vidar zip |
Iamdeadlyz
From guardiansrpg.com (impersonation of play.google.com/store/apps/details?id=com.elight.got.gp)
Vidar C&C:
https://t.me/headshotsonly -> mycsgoserv http://95.217.31.208:80|
https://steamcommunity.com/profiles/76561199436777531 -> mycsgoserv http://95.217.29.31|
Indicators Of Compromise (IOCs)
Below is a list of indicators of compromise (IOCs) associated with this malware sample.
| IOC | ThreatFox Reference |
|---|---|
| http://95.217.31.208/ | https://threatfox.abuse.ch/ioc/1024363/ |
File Archive Information
This file archive contains 61 file(s), sorted by their relevance:
| File name: | GuardiansOfThrone_Launcher.exe |
|---|---|
| Pumped file | This file is pumped. MalwareBazaar has de-pumped it. |
| File size: | 829'504'000 bytes |
| SHA256 hash: | d75bd016762760fc822510a42542f89b3b87782e05f6f4d4c7e0d4c2cbc0bb20 |
| MD5 hash: | abc0ae82ae17bae74cee2b1d70c2ad9b |
| De-pumped file size: | 1'779'200 bytes (Vs. original size of 829'504'000 bytes) |
| De-pumped SHA256 hash: | c12e490c818469384c4317e24281d2233d561663a17a74ba79365b4c74f4d673 |
| De-pumped MD5 hash: | 71842b9abd318f78fba2f8375acc6b68 |
| MIME type: | application/x-dosexec |
| Signature | ArkeiStealer |
YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.
| Rule name: | meth_get_eip |
|---|---|
| Author: | Willi Ballenthin |
| Rule name: | meth_peb_parsing |
|---|---|
| Author: | Willi Ballenthin |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
ArkeiStealer
zip 2eabd0638c8ecdfc5c19c1523c72536c4697916e54236f55c2fe8197a850bd62 (this sample)
d75bd016762760fc822510a42542f89b3b87782e05f6f4d4c7e0d4c2cbc0bb20