MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 8


Intelligence 8 IOCs YARA 4 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2
SHA3-384 hash: 33b14a6d1df616015197e4c358af7b98231c242ad73267e151ecd51732e6df1edd6a55827322a3bf89a20651d19b4b44
SHA1 hash: b74fc29e44fd167f17f8e75f74bbc8fe1cf35d0e
MD5 hash: 3c0ff1476f4da58cc85553ab15fa03cc
humanhash: maryland-snake-nitrogen-sixteen
File name:3c0ff1476f4da58cc85553ab15fa03cc
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:102'400 bytes
First seen:2021-08-24 12:27:02 UTC
Last seen:2021-08-24 14:25:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 1536:TGnHF3PKBF8cRjz1HR9HlKGDnIiRlgrquiZ7HxGIo3/e7pKGPXlagvH0Lraw3Rpl:TGnHF3P8u4VpDL/laSUjGU6xr9r0
Threatray 9 similar samples on MalwareBazaar
TLSH T172A30600E5A0911AD49813BBC1E653BEF05C9D7C836E61C3EF916FB20A75AF1297249F
Reporter zbetcheckin
Tags:32 ArkeiStealer exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://mega.nz/file/0DhiCICZ#aB8tc17z-PCt-yRv7ZMm02R1klDuYIR2zfJdAc1b7No
Verdict:
Malicious activity
Analysis date:
2021-08-24 12:01:15 UTC
Tags:
evasion opendir loader trojan stealer vidar rat redline phishing danabot
Link:
https://app.any.run/tasks/0eaefe6d-bb22-494d-8af4-71e36a3ae90d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/181899/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop9.43392.25041.2047.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a file
Sending a UDP request
Connection attempt
Creating a file in the Windows subdirectories
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Oski Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/030345d0-9d9d-4564-b0c5-18e603055779
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/838239
Signature
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2/
Threat name:
ByteCode-MSIL.Trojan.Revenge
Create hunting rule
Status:
Malicious
First seen:
2021-08-24 12:27:15 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
341f4423ac740db2802efecb3e85430970a636052d7f366ea99abd7f1b39f037
ArkeiStealer
5d372a19bbdae072e4fb4ff9deded30dbb40f4a74b54fbf77888a1523e864129
ArkeiStealer
7da3029263bfbb0699119a715ce22a3941cf8100428fd43c9e1e46bf436ca687
ArkeiStealer
7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70
ArkeiStealer
8795bb17e6a0ce6dc06236d4042c625f2154bd1d8e5df494c23ffa3e58124395
ArkeiStealer
b817002c69c6315e116f14d6fe64151577999eb773842f052fb17d9a7413a53c
ArkeiStealer
d92ae18e49040ad5837f3a3714f074406505d4c7ffebcc8ccb51a656a406f908
ArkeiStealer
e9abbf811d367cf26f493d72ccd96749e534804ac27d36956dce0484b1440f25
ArkeiStealer
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/210824-3w6fxcvlxs/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Reads user/profile data of web browsers
Executes dropped EXE
Unpacked files
SH256 hash:
67148bf6ac6d459c6e657905e0954c5830976b88917ce10b4e8ee2e8f183bd00
MD5 hash:
bc0fa9eea5e4c3a2fa4a8a11516e51cf
SHA1 hash:
456197add38fe693d86d9a5254c966489bdc2d78
Link:
https://www.unpac.me/results/864cb8c3-eaa0-452a-a779-fa05f9e9e745/
SH256 hash:
386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2
MD5 hash:
3c0ff1476f4da58cc85553ab15fa03cc
SHA1 hash:
b74fc29e44fd167f17f8e75f74bbc8fe1cf35d0e
Link:
https://www.unpac.me/results/864cb8c3-eaa0-452a-a779-fa05f9e9e745/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/386cb4a88b5c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.75
Link:
https://yomi.yoroi.company/submissions/386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation
Create hunting rule
Author:ditekSHen
Description:Detects executables containing potential Windows Defender anti-emulation checks
Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1560013/
Cape
Cape
https://www.capesandbox.com/analysis/181899/

Comments


Avatar
zbet commented on 2021-08-24 12:27:02 UTC

url : hxxp://swretjhwrtj.gq/JJJWOWOW.exe