MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52d8a85ebf2defc2b7fa13237f45e6a24714e86cc0e595a6e7e8a43a16b923f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ArkeiStealer


Vendor detections: 8

SHA256 hash: 52d8a85ebf2defc2b7fa13237f45e6a24714e86cc0e595a6e7e8a43a16b923f0
SHA3-384 hash: f1c2609a4510264fa42c0c0f3e0187fec1d29a095c7a37045124bb971a35c25fc7d9a8bdb6ba083fce9e1fffe9cb27c5
SHA1 hash: 2641c282d358e57ee0b2c9baaba9b68c8a448274
MD5 hash: d12a77192f287861907fa76e33a4c401
humanhash: seventeen-alaska-september-victor
File name: d12a77192f287861907fa76e33a4c401.exe
Signature: ArkeiStealer
File size: 245,248 bytes
First seen: 2021-09-30 15:19:06 UTC
Last seen: 2021-09-30 16:19:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: db33f3adbfb2946d84eba5838cc0ccc2 (2 x ArkeiStealer, 2 x Tofsee)
ssdeep: 3072:9qcl2zrtJZXbnIQQUCQSV0a477yP59Pnogg9RqyN1yBkvLC2V2YWlBaDt:Mc8HZLntuQSzPnXgT7LyBkvYYWlB6
Threatray: 65 similar samples on MalwareBazaar
TLSH: T1A0349F01BBE0C034F4B752F6497993B5A52D7EB1AB2491CB22D43BEA5A346E4EC30747
dhash icon: e0f8e8e8aa66a499 (12 x RedLineStealer, 11 x RaccoonStealer, 5 x ArkeiStealer)
Reporter: abuse_ch
Tags: ArkeiStealer exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 187
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: d12a77192f287861907fa76e33a4c401.exe
Verdict: Suspicious activity
Analysis date: 2021-09-30 21:08:18 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Result
Verdict: Clean
Maliciousness:

Result
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name:
Detection: malicious
Classification: troj.spyw.evad
Score: 88 / 100
Signature:
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer

Threat name: Win32.Trojan.Fragtor
Status: Malicious
First seen: 2021-09-30 15:20:08 UTC
AV detection: 24 of 45 (53.33%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:arkei stealer
Behaviour:
Arkei Stealer Payload
Arkei
Unpacked files
SHA256 hash: 4b33410c1350737eb7eb734fb597c32083ae1a60955a871fe914b5ccff23a91a
MD5 hash: e4e7f7cb036464db3050cf0fe6e7aaec
SHA1 hash: 44d6b2bfa01b4f2f7b3ffbd522d267af35a9cb01
SHA256 hash: 52d8a85ebf2defc2b7fa13237f45e6a24714e86cc0e595a6e7e8a43a16b923f0 (this sample)
MD5 hash: d12a77192f287861907fa76e33a4c401
SHA1 hash: 2641c282d358e57ee0b2c9baaba9b68c8a448274
Please note that we are no longer able to provide a coverage score for Virus Total.
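A quick way to check a file in hand against the hash set this entry publishes (the submitted file and the payload listed under "Unpacked files"), as an added example that is not part of MalwareBazaar or of this page: the hash values are copied from the entry above; the input bytes used at the bottom are constructed placeholders, not the sample; and `fingerprint`, `fingerprint_file`, `classify` and `ENTRY_HASHES` are names chosen here. MD5 and SHA-1 are retained only for cross-referencing older reports: both have practical collision attacks, so a match on them alone is reported as "weak" rather than as an identification, and only SHA-256 or SHA3-384 agreement counts as "exact". The imphash and dhash values shown in the entry are shared with other families (Tofsee, RedLineStealer, RaccoonStealer), so they are hunting pivots, not identifiers, and are deliberately not used here.

```python
import hashlib
from typing import Dict, Optional, Tuple, Union

# Hash values copied from this MalwareBazaar entry: the submitted (packed)
# file and the payload listed under "Unpacked files".
ENTRY_HASHES: Dict[str, Dict[str, str]] = {
    "packed sample": {
        "md5": "d12a77192f287861907fa76e33a4c401",
        "sha1": "2641c282d358e57ee0b2c9baaba9b68c8a448274",
        "sha256": "52d8a85ebf2defc2b7fa13237f45e6a24714e86cc0e595a6e7e8a43a16b923f0",
        "sha3_384": "f1c2609a4510264fa42c0c0f3e0187fec1d29a095c7a37045124bb971a35c25fc7d9a8bdb6ba083fce9e1fffe9cb27c5",
    },
    "unpacked payload": {
        "md5": "e4e7f7cb036464db3050cf0fe6e7aaec",
        "sha1": "44d6b2bfa01b4f2f7b3ffbd522d267af35a9cb01",
        "sha256": "4b33410c1350737eb7eb734fb597c32083ae1a60955a871fe914b5ccff23a91a",
    },
}

STRONG = ("sha256", "sha3_384")  # authoritative for identification
LEGACY = ("md5", "sha1")         # cross-reference only; collision-prone


def fingerprint(data: bytes) -> Dict[str, str]:
    """Compute the four digests MalwareBazaar publishes for an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def fingerprint_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests, streamed from disk so a large dropper is not read whole."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
        "sha3_384": hashlib.sha3_384(),
    }
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def classify(
    data_or_fp: Union[bytes, bytearray, Dict[str, str]],
    known: Dict[str, Dict[str, str]] = ENTRY_HASHES,
) -> Tuple[str, Optional[str]]:
    """Return ("exact", stage), ("weak", stage) or ("none", None).

    "exact": a SHA-256 or SHA3-384 value matched one stage of the entry.
    "weak":  only MD5 and/or SHA-1 agreed. Treat this as a collision or a
             bad IOC, never as an identification.
    """
    fp = fingerprint(data_or_fp) if isinstance(data_or_fp, (bytes, bytearray)) else data_or_fp
    for stage, expected in known.items():
        if any(fp[a] == expected[a] for a in STRONG if a in expected):
            return "exact", stage
    for stage, expected in known.items():
        if any(fp[a] == expected[a] for a in LEGACY if a in expected):
            return "weak", stage
    return "none", None


if __name__ == "__main__":
    # Constructed placeholder bytes, not the malware: exercises the "none" path.
    print(classify(b"MZ this is not the sample"))
    # To check a real file on disk (hypothetical path):
    # print(classify(fingerprint_file("d12a77192f287861907fa76e33a4c401.exe")))
```

Feed `classify` either raw bytes or the dict returned by `fingerprint_file`; the two-pass order guarantees that a legacy-only match can never shadow a strong match on a different stage.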

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: ArkeiStealer
File type: Executable exe
SHA256 hash: 52d8a85ebf2defc2b7fa13237f45e6a24714e86cc0e595a6e7e8a43a16b923f0 (this sample)
