MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e72b272e32a4432ae005f013eca5586af2275f6af87f82492a91091906c788b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	4e72b272e32a4432ae005f013eca5586af2275f6af87f82492a91091906c788b
SHA3-384 hash:	d68fe25640ea5d988181686459760b34a4866f584ee47a2878dd55b1f4a681773b43464e8954e948c40a42cf0f21b384
SHA1 hash:	5ca6b9272e1d25313789bd1a26ca0900491ddfba
MD5 hash:	58c1e687683a58afa476aec072cf4623
humanhash:	fifteen-sweet-wyoming-quebec
File name:	58c1e687683a58afa476aec072cf4623.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	257'536 bytes
First seen:	2022-03-24 19:18:51 UTC
Last seen:	2022-03-24 20:42:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	85ab2e60dd2898af34be3c600a19c140 (6 x RedLineStealer, 3 x Stop, 1 x ArkeiStealer)
ssdeep	1536:tJKODs1oHlaP29vmsLBGB63jEcVkgKvgsZXHCugP0xUoJ9rmW2mXcQkV5HaGjDzY:tJKOh9eQGQ3FJKvBzv9wV5hk
Threatray	488 similar samples on MalwareBazaar
TLSH	T18C44F0107743CD32C04658393956C7B1EBBA663106A2C9477FAA07AFAFE13C196F9349
File icon (PE):
dhash icon	5c599a3ce0c3c850 (43 x Stop, 37 x RedLineStealer, 36 x Smoke Loader)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

# of downloads :

209

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/257351/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware1.28366.6565.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Launching the default Windows debugger (dwwin.exe)

Sending a custom TCP request

Searching for the window

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/11198/overview

Behaviour

SystemUptime

MeasuringTime

CheckCmdLine

EvasionGetTickCount

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/623cc477b94fb38cb4e5815d/reports/fc2d1206-0d33-4267-b469-839b1248c44f/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Oski Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6748107e-d660-477c-b77c-78d5eb6be251

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/964006

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Vidar stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4e72b272e32a4432ae005f013eca5586af2275f6af87f82492a91091906c788b/

Threat name:

Win32.Trojan.Strab

Status:

Malicious

First seen:

2022-03-24 19:19:19 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jzzle4xdfjcdflqal4at5ssvq2xse5pwv6d7qjesveijdedmpcfq._file

Verdict:

malicious

ArkeiStealer

2f79c41045be2704549003930a2712977bb4b854e51a55851432d01b01297647

ArkeiStealer

523ff5fa555ad1837c439fd962b07f6cf17a56961fb0c9675d54f9724b476e5b

ArkeiStealer

5b4bb19c89d872512735ccc4c6e276a9181f24a9e368d097167aefc0da76b660

ArkeiStealer

6081ec45cfd21e7ef92a44a9a190260ab2178cd87729038cd5005e5d18a9b1e4

ArkeiStealer

8f3c17ac18a040730c85fc32be4a41d7a3c37555b46db36e008f917951f0b7af

ArkeiStealer

b601b8c369fb891bc3856cab793446efde8c685d4c2ef4b556fb35b46253ad7d

ArkeiStealer

c56b497afc61d665b90e2c1c72a4117aaebaf8ccb9bedd208765ccb17349373b

ArkeiStealer

ed339c8353e7d9a9cc7cc4f5e20756eb6a27f6a9553f7c51d503ab83841d1ec8

ArkeiStealer

f732ae7b6856afcbadc0e5bcfee3f71da3570f45a5bdff81fa33468106d6bc2a

ArkeiStealer

+ 478 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei botnet:default stealer

Link:

https://tria.ge/reports/220324-x1j9hahhhq/

Behaviour

Program crash

Arkei

Malware Config

C2 Extraction:

http://coin-file-file-19.com/tratata.php

Unpacked files

SH256 hash:

111da7f642344fa280703ce8223a4543171b0a9422f8c1d50bd5d4cb90c54840

MD5 hash:

6d15db437bc71c183dd9604829a5354b

SHA1 hash:

a0bbf5585eea01ef056a3a76d8975f6f585d7d01

Link:

https://www.unpac.me/results/8e07b743-3998-408e-a4a4-71165c733290/

SH256 hash:

4e72b272e32a4432ae005f013eca5586af2275f6af87f82492a91091906c788b

MD5 hash:

58c1e687683a58afa476aec072cf4623

SHA1 hash:

5ca6b9272e1d25313789bd1a26ca0900491ddfba

Link:

https://www.unpac.me/results/8e07b743-3998-408e-a4a4-71165c733290/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4e72b272e32a4432ae005f013eca5586af2275f6af87f82492a91091906c788b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

exe 4e72b272e32a4432ae005f013eca5586af2275f6af87f82492a91091906c788b

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2063967/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/257351/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample