MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b4bb19c89d872512735ccc4c6e276a9181f24a9e368d097167aefc0da76b660. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	5b4bb19c89d872512735ccc4c6e276a9181f24a9e368d097167aefc0da76b660
SHA3-384 hash:	d6ce15f7f57c842e21504ba4d5e6d7559840308f1fd6b7521d72d158e23302069389cc4128a631a1e81fe6e18e6481cd
SHA1 hash:	b2020ddaf3edff0094a60e01b58e6185a332f226
MD5 hash:	3c3b0816e78209cffa94b217dd30713a
humanhash:	freddie-triple-fish-echo
File name:	3c3b0816e78209cffa94b217dd30713a.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	272'896 bytes
First seen:	2022-03-23 19:57:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	40e5c5c7408818462da1afadba1094c2 (3 x RaccoonStealer, 3 x Stop, 1 x ArkeiStealer)
ssdeep	3072:/h7WIS7L7llMht09MviS4nkIczFTu8g8Kq9xu6y5h1HG6BZtmPpMbVFmBVizl2on:ills+iKvcztu8tKqCTxjsgViG2tpzY
Threatray	473 similar samples on MalwareBazaar
TLSH	T14144AE10B791C035F5B766F4897A83ACB93E79A25B2090CF62D51BEE16346E0ED3134B
File icon (PE):
dhash icon	badacabecee6baa6 (95 x Stop, 87 x RedLineStealer, 62 x Smoke Loader)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

181

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/256842/

Detection(s):

Win.Dropper.Generickdz-9939781-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Sending a custom TCP request

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/10968/overview

Behaviour

MalwareBazaar

CPUID_Instruction

MeasuringTime

SystemUptime

EvasionGetTickCount

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/623b7bf2b94fb38cb4db7042/reports/02a4ad6b-9871-4d81-b845-9eb790d9ea0a/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Oski Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e95fc11e-9cfc-43c7-8bd5-635c44f54b0e

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/963277

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5b4bb19c89d872512735ccc4c6e276a9181f24a9e368d097167aefc0da76b660/

Threat name:

Win32.Trojan.MarsStealer

Status:

Malicious

First seen:

2022-03-23 19:58:16 UTC

File Type:

PE (Exe)

Extracted files:

19

AV detection:

19 of 26 (73.08%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lnf3dhej3bzfcjzvztcmnytwvemb6jfj4nunbfywplx4bwtwwzqa._file

Verdict:

malicious

Similar samples:

01a1bc516376847423c1c746bf012650483bc006a036053b529cdc1b0ec34446

04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2

2f79c41045be2704549003930a2712977bb4b854e51a55851432d01b01297647

523ff5fa555ad1837c439fd962b07f6cf17a56961fb0c9675d54f9724b476e5b

6081ec45cfd21e7ef92a44a9a190260ab2178cd87729038cd5005e5d18a9b1e4

8f3c17ac18a040730c85fc32be4a41d7a3c37555b46db36e008f917951f0b7af

9ad5db9f1437ee5bb03077090861e13efdcca1dfc46133f4b77504add9f18c38

b601b8c369fb891bc3856cab793446efde8c685d4c2ef4b556fb35b46253ad7d

d2212cabc4da0107627727c4138a08581480aaf1597b624d8607ee583ac0c33e

f732ae7b6856afcbadc0e5bcfee3f71da3570f45a5bdff81fa33468106d6bc2a

+ 463 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei botnet:default stealer

Link:

https://tria.ge/reports/220323-ypvrjaaea3/

Behaviour

Program crash

Arkei

Malware Config

C2 Extraction:

http://coin-file-file-19.com/tratata.php

Unpacked files

SH256 hash:

111da7f642344fa280703ce8223a4543171b0a9422f8c1d50bd5d4cb90c54840

MD5 hash:

6d15db437bc71c183dd9604829a5354b

SHA1 hash:

a0bbf5585eea01ef056a3a76d8975f6f585d7d01

Link:

https://www.unpac.me/results/74ccf41d-cabc-455c-a325-5757e8b17a7c/

SH256 hash:

5b4bb19c89d872512735ccc4c6e276a9181f24a9e368d097167aefc0da76b660

MD5 hash:

3c3b0816e78209cffa94b217dd30713a

SHA1 hash:

b2020ddaf3edff0094a60e01b58e6185a332f226

Link:

https://www.unpac.me/results/74ccf41d-cabc-455c-a325-5757e8b17a7c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5b4bb19c89d872512735ccc4c6e276a9181f24a9e368d097167aefc0da76b660

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5b4bb19c89d872512735ccc4c6e276a9181f24a9e368d097167aefc0da76b660

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2063967/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/256842/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample