MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52626f71a116fe737ea806d9416157fed129060e654423d84c3e9b01f4c3ddae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52626f71a116fe737ea806d9416157fed129060e654423d84c3e9b01f4c3ddae
SHA3-384 hash: 205e4cbdf6c1bbe095ebcbc8cee6e2e461ee20ef198aa5bbd06dd37f77a96699e2ef6a4b52b123fa7740b9448c87b7db
SHA1 hash: c0d23a5a603102646508528be48d378ac5203984
MD5 hash: bda5a433a7774c24521a48c58d3d3b64
humanhash: berlin-magnesium-colorado-paris
File name:bda5a433a7774c24521a48c58d3d3b64.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:615'936 bytes
First seen:2021-09-09 07:16:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a64eb66b7a412a3ebf76d0c2b5dc309f (3 x Stop, 1 x RedLineStealer, 1 x ArkeiStealer)
ssdeep 12288:TjV31q3iv4fvZM4bSBV10P6mvVfcApeidKPFfOYm4N5h28:vSBTU30Je9VRjg8
Threatray 112 similar samples on MalwareBazaar
TLSH T16CD412317292C036C5AA1A704461C7F45A3EF562163549CB7B68D7B8AFB129CBBF930C
dhash icon 1072c093b0381906 (22 x RedLineStealer, 22 x RaccoonStealer, 20 x Stop)
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bda5a433a7774c24521a48c58d3d3b64.exe
Verdict:
Malicious activity
Analysis date:
2021-09-09 07:37:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cb74f14a-50ea-4fdd-9035-d5802602e0b0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/186521/
Detection(s):
Win.Malware.Fragtor-9891492-0
Create hunting rule

Win.Packed.Generic-9891538-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Connection attempt to an infection source
DNS request
Connection attempt
Sending an HTTP GET request
Sending a UDP request
Query of malicious DNS domain
Sending a TCP request to an infection source
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d8d1a482-d9d7-49bc-b69e-3062e11e6414
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/847883
Signature
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/52626f71a116fe737ea806d9416157fed129060e654423d84c3e9b01f4c3ddae/
Threat name:
Win32.Trojan.Sabsik
Create hunting rule
Status:
Malicious
First seen:
2021-09-09 01:29:01 UTC
AV detection:
22 of 45 (48.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kjrg64nbc37hg7via3mucykx73issbqomvcchwcmh2nqd5gd3wxa._file
Verdict:
malicious
Similar samples:
2e6900e575c222bee9131ddef431f1f7803c4f712cb8c79cff1ae671b15b3078
ArkeiStealer
9068226836b564e7d81a13c015a217bc2870dcfab4bd643c87a4551b6f9d2c97
ArkeiStealer
907c112beb537b9bdc86aa35fa1bb7eabd2adb88193f4eb505f1665086c7d1d9
ArkeiStealer
b98ce97a468d7e69e2d9344268d2c68085cf95f6386b4d5c89a772671b95468d
ArkeiStealer
bfe420ea0760974bdb7f76c5c95f8694e70255b9cfbf5ff19c1be2cec5c76a50
ArkeiStealer
e779a81ea1baa2b62c5bb58716469c5585a38308fe71bf220ffc73583cbb0a00
ArkeiStealer
+ 102 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:vidar botnet:1008 stealer
Link:
https://tria.ge/reports/210909-h3w9hsaheq/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Vidar Stealer
Suspicious use of NtCreateProcessExOtherParentProcess
Vidar
Malware Config
C2 Extraction:
https://romkaxarit.tumblr.com/
Unpacked files
SH256 hash:
bba539e974547ee16aeb35898f93cb7f38c5fbfb15a7d2e6584b8910561cca36
MD5 hash:
e139d3e032bd01fa412f879f826c45a4
SHA1 hash:
0920edb0ce36283c90131d98d66aeacd26cb8633
Detections:
win_oski_g0
Create hunting rule
Link:
https://www.unpac.me/results/e710d335-72f7-486a-9a90-e6c8dc945a8c/
Parent samples :
bfe420ea0760974bdb7f76c5c95f8694e70255b9cfbf5ff19c1be2cec5c76a50
ca3291276c2ca7e712a191660b9c19eee9395d4d5f5851a5c7fadae04cabc4d4
e292a0c2b116fc037f1203ada6d8bc9c1a8b4ea9caa6fda072c36a28f6ce6332
0dd88d1680c01b1c9ab3fea4ab104518f2f0bb2b844da7937fd6af5e9e507b28
9250a42039894ce2365f01d5f5ea892911d31139c931ae50078f4d85eb70622b
038671e9ee686616defaf76fbceb7ff6efa1d7cd0e60325a61a4fad482724be3
a835db23fa3362856672e0c22bc91f43d91148f14ea8795026f789fac9101bc5
b98ce97a468d7e69e2d9344268d2c68085cf95f6386b4d5c89a772671b95468d
f3aca29ebe030327614bd9490d21337a76c99fc690da96143c778e949b4f3014
907c112beb537b9bdc86aa35fa1bb7eabd2adb88193f4eb505f1665086c7d1d9
2e6900e575c222bee9131ddef431f1f7803c4f712cb8c79cff1ae671b15b3078
d368823c55cf26cf627c93b36c1240292289cdb5df4fa72bff4726247d724334
c391048f55dd2b433a4154f643a615482841b66f5e77d97a16e2f571ba45e2fa
3ec3b89ce82722d857a655d31fe198df4cae1e506605cbdc0bab93458022fb94
54f1e7859007bb501f1ec186ff16d41d646e67c372f41378ad5277bb56fcac79
ce35f9b1b39877768401efd79bb939f079ce5d323d2332dc3306c2dff4e47598
3b36460b8174b31b1a63e77e5e97293d1ac9d87170df66fe0b388a5005e96824
211d5cfb31621051281b289aa8ce6111d894088a2059becc54ee888ce4967239
c658bfe194e75bd08503d48891fb59ec72b5d08bd1162f4f57be36327de0284f
7ed9d180673f584cb838c88400d0c9bfa8cac5b42f6f85e843f37ce91d292f18
e779a81ea1baa2b62c5bb58716469c5585a38308fe71bf220ffc73583cbb0a00
5bb23f104b0bbe34ef6c9fbc006e9423cf61ca54ea3557d423a212968a9761b2
53bf1311760dbf64ec106e6fe8cc3fd94d0c2bb401d73fb97be4817fcddb5720
52626f71a116fe737ea806d9416157fed129060e654423d84c3e9b01f4c3ddae
993599a929bcbab8c27829257fdb51f8fa02fe73555ecd9260f8cfe919eb3796
7c6321b65a08aeab4f94e25158ad2f5198c79b604c1cbcc57ddc4259c022e506
838d45fb11410a9b2cfcc817a7204c8c129c349e8e1dce38279153e6d3d47025
23fd9ad1ccf48f7063ed54e5a2970936299a6951547a689ac320858531217510
SH256 hash:
52626f71a116fe737ea806d9416157fed129060e654423d84c3e9b01f4c3ddae
MD5 hash:
bda5a433a7774c24521a48c58d3d3b64
SHA1 hash:
c0d23a5a603102646508528be48d378ac5203984
Link:
https://www.unpac.me/results/e710d335-72f7-486a-9a90-e6c8dc945a8c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/52626f71a116fe737ea806d9416157fed129060e654423d84c3e9b01f4c3ddae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 52626f71a116fe737ea806d9416157fed129060e654423d84c3e9b01f4c3ddae

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1584973/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1586513/
Cape
Cape
https://www.capesandbox.com/analysis/186521/

Comments