MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e46c3912ced6d4821bb215ad4feb1711e3f0becaae258899ce77037c648048a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e46c3912ced6d4821bb215ad4feb1711e3f0becaae258899ce77037c648048a
SHA3-384 hash: b1a7d1fdfaa76e75cea8b78762c0fc0c430149342641f71f4b956668ba87f1068197d25cbd35ae59643aa74eb90c5b4e
SHA1 hash: 027d084a191db8612b1833267f09bb26f99e2b86
MD5 hash: 31583a68c6122fc2caf37675c016a166
humanhash: solar-asparagus-hotel-eighteen
File name:31583a68c6122fc2caf37675c016a166.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:214'016 bytes
First seen:2021-09-03 07:36:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ecda7b3fe7f3df133ca77cddd8e4064d (9 x RaccoonStealer, 3 x ArkeiStealer, 1 x RedLineStealer)
ssdeep 3072:fexdpLh1x8FfpLaEeKirqj5pscRdpmm80qGgb9ENPGdwDYTuKJIX:2x/Lh1uD2KMQscRdpmrdMGd7TuK
Threatray 409 similar samples on MalwareBazaar
TLSH T19824AD317690C433C5A6C67849258FE5163EBC6658648347BB743F2F3E71392AA1236F
dhash icon fcfcd4d4d4dcd8c0 (52 x RaccoonStealer, 28 x RedLineStealer, 6 x Smoke Loader)
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
31583a68c6122fc2caf37675c016a166.exe
Verdict:
Malicious activity
Analysis date:
2021-09-03 07:40:18 UTC
Tags:
loader stealer trojan
Link:
https://app.any.run/tasks/fa696aca-2073-486e-81a8-d8b7a6a1a066

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/185058/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
DNS request
Connection attempt
Sending an HTTP GET request
Creating a file
Creating a file in the Windows subdirectories
Deleting a recently created file
Reading critical registry keys
Replacing files
Changing a file
Creating a file in the %AppData% subdirectories
Creating a window
Sending a UDP request
Running batch commands
Creating a process with a hidden window
Launching a process
Stealing user critical data
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a97a4a5e-fbb7-4afc-8ffd-8934957b348e
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/844612
Signature
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e46c3912ced6d4821bb215ad4feb1711e3f0becaae258899ce77037c648048a/
Threat name:
Win32.Trojan.Sabsik
Create hunting rule
Status:
Malicious
First seen:
2021-09-03 07:37:15 UTC
AV detection:
15 of 43 (34.88%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
111dd17966a5f7058eb1cfc468c1d062602437a69694aa05eff97d121d611408
ArkeiStealer
120a50bdd5effe67ea0270aa7f938039e7a5e6a589a13e9371e381f4d1518dcd
ArkeiStealer
341970fa08050ae3de11bf7d13c9f76f818298c1f8af73e285fc56a0bb12b77b
ArkeiStealer
3d59ac598ad756cfa7d56ea28d85071266ccfbcec2bc952600ff82fec99d633c
ArkeiStealer
5d372a19bbdae072e4fb4ff9deded30dbb40f4a74b54fbf77888a1523e864129
ArkeiStealer
7173381414ec85250c6bd3c9b803f2d49b98a7826c8aeea37d9328d5e74d7fb6
ArkeiStealer
90b9d553b4883ed20e3273a86351f103d10b012dab0c82179bb6b5bfcc188b88
ArkeiStealer
e9abbf811d367cf26f493d72ccd96749e534804ac27d36956dce0484b1440f25
ArkeiStealer
+ 399 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/210903-jfvb3sfhck/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
1f176e8977339c0c1bbeeff314643dc3573ab61c775ed11868d9ee86e9fb525e
MD5 hash:
d37126feef855198ae18050cdfd63779
SHA1 hash:
ac125b74ea35c3410eb549a41aebd0c924a088ed
Link:
https://www.unpac.me/results/ea720406-a467-4832-915f-d6554bf7c567/
SH256 hash:
3e46c3912ced6d4821bb215ad4feb1711e3f0becaae258899ce77037c648048a
MD5 hash:
31583a68c6122fc2caf37675c016a166
SHA1 hash:
027d084a191db8612b1833267f09bb26f99e2b86
Link:
https://www.unpac.me/results/ea720406-a467-4832-915f-d6554bf7c567/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/3e46c3912ced/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3e46c3912ced6d4821bb215ad4feb1711e3f0becaae258899ce77037c648048a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 3e46c3912ced6d4821bb215ad4feb1711e3f0becaae258899ce77037c648048a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1587452/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/185058/

Comments