MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5760219348f8e2b162a4ed4c764d9d8c7333b2af9e97e1d437ff21a3da0e1061. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	5760219348f8e2b162a4ed4c764d9d8c7333b2af9e97e1d437ff21a3da0e1061
SHA3-384 hash:	4a926c2601ee7d2ea41e90cf83310e9bb19106bbca8b620130f6108443ad8d671ef0170b868ca8882ba01979d5314b4e
SHA1 hash:	1eebdb3019ca6855cb9701608d3d2221aa5e2f91
MD5 hash:	75a5305d1c91f809b95d87136a457f83
humanhash:	iowa-fourteen-idaho-violet
File name:	75a5305d1c91f809b95d87136a457f83.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	307'712 bytes
First seen:	2022-03-23 20:01:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	8f242c9c63ca6345b847b0a3155096ac (5 x Smoke Loader, 5 x Stop, 3 x ArkeiStealer)
ssdeep	6144:inB2j3smRj+uQ9qsfJzim6hlwLLC8uro/5:i0j3smRj+N/fJyh2HN
Threatray	370 similar samples on MalwareBazaar
TLSH	T15564BF10BBA0C035E1B752F889B993ACB92E79B15B2494CB63C51BEE57356E0EC31347
File icon (PE):
dhash icon	bedacaaecee6baa6 (2 x ArkeiStealer, 1 x RedLineStealer, 1 x Amadey)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

181

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/256850/

Detection(s):

Win.Dropper.Generickdz-9939781-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending a custom TCP request

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/10973/overview

Behaviour

MalwareBazaar

CPUID_Instruction

MeasuringTime

SystemUptime

EvasionGetTickCount

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/623b7ce5b94fb38cb4db7644/reports/3066b857-25b0-4718-86f4-715bf1931396/overview

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Oski Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ac8ca535-aa13-40de-83fa-9ead5552cbd0

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/963271

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5760219348f8e2b162a4ed4c764d9d8c7333b2af9e97e1d437ff21a3da0e1061/

Threat name:

Win32.Trojan.Raccrypt

Status:

Malicious

First seen:

2022-03-23 08:41:35 UTC

File Type:

PE (Exe)

Extracted files:

19

AV detection:

24 of 26 (92.31%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

088e9030bc73a47f4deeef9a332690a9568907a1858c5d957924a85b90fbc88a

3a2a1eff040a79d603b1ac2609a423ad8beb46d2876aa959f60dc98477707c0f

499656d285442a548d0f0356a414b5c50b7bd7815db52e845cf8729cd4bcc9bc

5aefbefef1a5a2ee938f4d9c7705b6e38b375b858d21dae1efc137f36b29751d

63fed261af5fb2e1eb439256eba9b6f96bbb9e2ee97c7f8211c5f60992f5a7e0

7022a16d455a3ad78d0bbeeb2793cb35e48822c3a0a8d9eaa326ffc91dd9e625

7f19bc8eb8f0555986de478bc9a17a8e052f4a9262b0a19b924d8e9c66a01ca7

de147d635d7404111032d34845dd05eddc00ae6ecf0814d89eed3c6a81c06629

e4420cb1590d572b0131bd5f04da689caca5d89595676ca8dd6770ec4a55cb83

+ 360 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei botnet:default stealer

Link:

https://tria.ge/reports/220323-yr51aaaeb3/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of SetThreadContext

Arkei

Malware Config

C2 Extraction:

http://cheapa.link/4874185.php

Unpacked files

SH256 hash:

10879498aaf173229244d08e53cb3d31586061b7d97fb0a6ab1fbac7e74acb1a

MD5 hash:

bc990388a6c4d86a3be84dc3ad944ba4

SHA1 hash:

66c3686c7585771d6632e169b153a7559e986d66

Link:

https://www.unpac.me/results/e58fef03-5676-488e-acef-68b4aecac69c/

SH256 hash:

5760219348f8e2b162a4ed4c764d9d8c7333b2af9e97e1d437ff21a3da0e1061

MD5 hash:

75a5305d1c91f809b95d87136a457f83

SHA1 hash:

1eebdb3019ca6855cb9701608d3d2221aa5e2f91

Link:

https://www.unpac.me/results/e58fef03-5676-488e-acef-68b4aecac69c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5760219348f8e2b162a4ed4c764d9d8c7333b2af9e97e1d437ff21a3da0e1061

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5760219348f8e2b162a4ed4c764d9d8c7333b2af9e97e1d437ff21a3da0e1061

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2112124/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/256850/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample