MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fe115fbf6a3ca07d16647d5a77b351f187d3247c447dce2d401447f2181194d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3fe115fbf6a3ca07d16647d5a77b351f187d3247c447dce2d401447f2181194d
SHA3-384 hash: d46449cb7c0466480090f497faf944b14bc986800513e845e14c0377576189e2925291b0d9b0cf78692a9cf6ba318882
SHA1 hash: e6358253317c69103e6f0c0e26d02256a699079d
MD5 hash: 1a300c943b8a4eb687423ad088b74e30
humanhash: oscar-stairway-pasta-bravo
File name:SecuriteInfo.com.Trojan.Siggen9.36315.18259.11083
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:308'736 bytes
First seen:2020-04-11 11:56:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'653 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 1536:2yhjDkSSfyYtsI5kNHFWzUEtssN6vQYyZvQTwBz/8:2j5fyTI5kbWzUyssNwilXQ
Threatray 120 similar samples on MalwareBazaar
TLSH 05649998913601378929353A0C9AFAE5A5BD56E9F7E2D094362C3003EBD057BDCF07B9
Reporter SecuriteInfoCom
Tags:ArkeiStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.36315.18259.11083.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-09 05:37:37 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h7qrl67wupfapulgi7k2o6zvd4mh2mshyrd5zywuafch6imbdfgq._file
Verdict:
unknown
Similar samples:
2059f1585290ca102aa23d8d92f479a4c0940f1a8957b5226e4c36b9b115c7c5
ArkeiStealer
639c28cc97accffb8a92a13ad5056da2a739421ef4965e768fa57356a6685d19
ArkeiStealer
6f7ceadb0d2fed6b1c7fed3f479dad5a0e6e91263ae9fb0d5d97b811c1fb90c4
ArkeiStealer
7ba24a9faa6235568bd8c2fdf37df1edde77382e5eabedbe1854bcf8e30745a1
ArkeiStealer
ad0c0d03282b4abf01f435f798fbb71d0243714518f265fc8f102f909822e671
ArkeiStealer
b45fb97506ddaaddd21207b75f9a877fd65fedc6324fc10a7d16381bdef232a1
ArkeiStealer
b73caeffe98a9035eefe1465bf9c883f306372f8b4ca2d18973fc18277781363
ArkeiStealer
bc9204be92ac0bd373bc0153d02be668ad82d382ebcc112fa8c252e6f9c67080
ArkeiStealer
ec56dbeb0363ff8cf7967b6216fb258dfd3911c8466d6b028a3a8a44074ec49a
ArkeiStealer
eeaf1a13abc40e26aa08851e533c3fe5770687b10f7194343b2110c3e8ed12e2
ArkeiStealer
+ 110 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 3fe115fbf6a3ca07d16647d5a77b351f187d3247c447dce2d401447f2181194d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/338313/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments


Avatar
commented on 2020-04-11 15:46:00 UTC

Beaconing to the following ArkeiStealer C2:

POST / HTTP/1.1
Host: yrhealth.life