MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55e2d64987ebc94f1ad0a9b0368a36064d63397f8c1143a8d2411e140bc5a1d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	55e2d64987ebc94f1ad0a9b0368a36064d63397f8c1143a8d2411e140bc5a1d6
SHA3-384 hash:	d60757808b23a51f3bb60d2fe21f3863c6eacbebd3db24ea0c2309013289df88bcb4e69847ec80fc6a069986b2b3b894
SHA1 hash:	465a8af3e8cc32d6c31cc1a20bed91193e75d40d
MD5 hash:	6f2a691b8767b318989a0ff66b47d6be
humanhash:	seven-hotel-california-cardinal
File name:	6f2a691b8767b318989a0ff66b47d6be.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	310'272 bytes
First seen:	2022-02-07 11:12:29 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0b9720143020bc87fe12346d653d6a51 (2 x ArkeiStealer, 1 x RaccoonStealer, 1 x RedLineStealer)
ssdeep	3072:ggqPIcE8bgjkl/m+23oWLCavqQgfvWiPWyfCEsxkgaBCh2MR8:ggqgzlj6WuJXX5KRigaw
Threatray	274 similar samples on MalwareBazaar
TLSH	T1E164BF117AD0D832C5921D30A429FBA05A7BFC714A63D20BF7A8BB5E2E703E15677352
File icon (PE):
dhash icon	a3b4dcac9cccb48c (1 x ArkeiStealer, 1 x RaccoonStealer)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/234859/

Detection(s):

Win.Dropper.LokiBot-9938483-0

Win.Packed.Filerepmalware-9938574-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/6231/overview

Behaviour

MalwareBazaar

SystemUptime

CPUID_Instruction

MeasuringTime

EvasionQueryPerformanceCounter

EvasionGetTickCount

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/620100f629cadcf625561216/reports/f93eb9f9-2c13-4ac4-826e-ba4de2a3b053/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/351b2a0b-32f6-4b27-8a13-a0f8f6a26045

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/935140

Signature

Antivirus detection for URL or domain

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Found evasive API chain (may stop execution after checking locale)

Found evasive API chain (may stop execution after checking mutex)

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Vidar stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/55e2d64987ebc94f1ad0a9b0368a36064d63397f8c1143a8d2411e140bc5a1d6/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2022-02-06 14:15:35 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Verdict:

malicious

ArkeiStealer

35f7c913b8476777e49d08d4c6285c4a390cacd8fe969839148f6cedcd143ad4

ArkeiStealer

4fb9f08b1053d49ff58f30aa0016beefcd85041435ba9bb4b0402d99feb6df5e

ArkeiStealer

566e3c41fdeb0bf647f6e4058304c3fcd77f04c991beb8cbc485a0c180e567ea

ArkeiStealer

5c5d9711ea8ddb520646c0ac33e540c3860b795914749ee377040d8626ecc93b

ArkeiStealer

645e91f7847884ed72c8b53ebc8d266e92a18868ae6e527a8f9baafeaf7b985e

ArkeiStealer

7a7c19f6fb76910063eacc921a204e55b57ae3bbe824f0d8b2623ee17953ec40

ArkeiStealer

d6f82559be32a5739fd1c6a1eade697c8d90c331ec31cc7690dd2fdb4e70ab74

ArkeiStealer

dfa79a66fe28277b316ae4c4942adf37d399184ad13c983f7963e8bceb164e51

ArkeiStealer

+ 264 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei botnet:dafault stealer

Link:

https://tria.ge/reports/220207-nbhjyabed2/

Behaviour

Arkei Stealer Payload

Arkei

Malware Config

C2 Extraction:

http://saskatche.link/gate1.php

Unpacked files

SH256 hash:

26a665fad8aa7b5249fa938908460d8fc6ebad22072dceb9846caa6458af3150

MD5 hash:

5f5fc3ff56664b133ea6e434e955f287

SHA1 hash:

3d2356ec75c7ed0d9fb296f7b32042b67555eb51

Link:

https://www.unpac.me/results/a8844807-fad1-4897-89f5-d50f38be2572/

SH256 hash:

55e2d64987ebc94f1ad0a9b0368a36064d63397f8c1143a8d2411e140bc5a1d6

MD5 hash:

6f2a691b8767b318989a0ff66b47d6be

SHA1 hash:

465a8af3e8cc32d6c31cc1a20bed91193e75d40d

Link:

https://www.unpac.me/results/a8844807-fad1-4897-89f5-d50f38be2572/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/55e2d64987eb/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.