MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c5945344f52ab9a2b1ca0a89c6da8a0c44e0435382286f6fabcd6eb92d4956b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 6

Intelligence 6 IOCs 1 YARA File information Comments

SHA256 hash:	5c5945344f52ab9a2b1ca0a89c6da8a0c44e0435382286f6fabcd6eb92d4956b
SHA3-384 hash:	2d97f24ebaa8d8b63c56c38fa518eed8874080cda3e48393e35a7750bed4f454afb0de5d9c63825e9c94a28495eb1f86
SHA1 hash:	fe9faac111ce264b04380f2d5566fd5eb1a6f10e
MD5 hash:	64ad537f849ede7dfb246fe43fbaa90d
humanhash:	hamper-single-speaker-seventeen
File name:	lnstaIIer_.x64 (1).zip
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	10'176'685 bytes
First seen:	2022-10-28 10:23:55 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	196608:Q5VKJdy4aB9OK9STmtb8kASw/uJrD0qPsLN+xxctbYDJ16Ij:By46A/CWSHrpPuec5Y1Lj
TLSH	T15AA61398DBC33EEAC9198E31E1813F703315D921F9259AB34B154AC56FEB660DE130E6
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	SquiblydooBlog
Tags:	ArkeiStealer file-pumped vidar zip

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
http://88.119.169.42/	https://threatfox.abuse.ch/ioc/891582/

Intelligence

File Origin

# of uploads :

# of downloads :

242

Origin country :

n/a

File Archive Information

This file archive contains 10 file(s), sorted by their relevance:

File name:	cef_200_percent.pak
File size:	383'531 bytes
SHA256 hash:	fcfd1fb942d1e7ad49448edf53f78824f8b35f6ee61bb578ffe4f76ae1460969
MD5 hash:	7f06123fd09547a8337907fa85dbb4cb
MIME type:	application/octet-stream
Signature	ArkeiStealer

File name:	YandexDisk3ShellExt-1511.dll
File size:	972'960 bytes
SHA256 hash:	4637c2a9554bc0289a4789a538b09221a216ef74644bcd05a50bc334d17cf306
MD5 hash:	62985a9dd149cbe7d518cdefd6abed78
MIME type:	application/x-dosexec
Signature	ArkeiStealer

File name:	chrome_elf.dll
File size:	444'064 bytes
SHA256 hash:	9a5a2fa253aedf6a131cbd1d6c2e77c33ee116a245afa8319421de0dfe518303
MD5 hash:	d0a014abef7e4b74e9f1ad2933a1bf12
MIME type:	application/x-dosexec
Signature	ArkeiStealer

File name:	tr.pak
File size:	265'482 bytes
SHA256 hash:	e51edf418005cd1b046d95d1e6c87b3e432a13cfaf1e103a6bcc9138372484d0
MD5 hash:	fed97cff34c4674a0b01cfcb932a792e
MIME type:	application/octet-stream
Signature	ArkeiStealer

File name:	cef.pak
File size:	6'078'416 bytes
SHA256 hash:	60ef7be6890f6615d891d9d0c8cd5c4627347fbc6b9d9f2c64afd72bfb2c8aee
MD5 hash:	dee83c9b0a2e80605f66315dca8ab4ec
MIME type:	application/octet-stream
Signature	ArkeiStealer

File name:	en-US.pak
File size:	220'630 bytes
SHA256 hash:	91e82cce314ec0bd353ffd0a6fb8ed00996ca7f34a66d87fd2ed782287959fb0
MD5 hash:	303ec815dcffef129839caf422bcbe73
MIME type:	application/octet-stream
Signature	ArkeiStealer

File name:	uk.pak
File size:	427'059 bytes
SHA256 hash:	8755811c7cf9a4859ee7b195ccec029b72012492d7e14362a35198543062a97e
MD5 hash:	245b1dfb732a3fbe8c1c520abafa0787
MIME type:	application/octet-stream
Signature	ArkeiStealer

File name:	ru.pak
File size:	418'198 bytes
SHA256 hash:	cce042d27383662754d938f1c344574b2d0542e36cd0f1f47483bc5f9bd6c1a2
MD5 hash:	5282dcbc4fb095c0211667c35db721f7
MIME type:	application/octet-stream
Signature	ArkeiStealer

File name:	cef_100_percent.pak
File size:	277'660 bytes
SHA256 hash:	08352285ef68bed4fe2d0638ace02beaeb588b7a4ba639fa63ff9c08783ac1d1
MD5 hash:	11a8c10579ce2ec75214f5d54e4acae8
MIME type:	application/octet-stream
Signature	ArkeiStealer

File name:	lnstaIIer .x64.exe
Pumped file	This file is pumped. MalwareBazaar has de-pumped it.
File size:	760'571'904 bytes
SHA256 hash:	c22b6a9efeae7a28b2fa8c18fa380d87d4b9748c607ef79556f295f18e7bef5e
MD5 hash:	d57438cbcc30f49d6beef2f49e60a591
De-pumped file size:	6'106'112 bytes (Vs. original size of 760'571'904 bytes)
De-pumped SHA256 hash:	30eb1174412010512f13dd33bbad41e759c75f3f9cc96146ab2661bd723b246f
De-pumped MD5 hash:	2c97fecf8c25eb347068ee42a17523ef
MIME type:	application/x-dosexec
Signature	ArkeiStealer

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.23803.25635.UNOFFICIAL

Gathering data

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/5c5945344f52ab9a2b1ca0a89c6da8a0c44e0435382286f6fabcd6eb92d4956b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5c5945344f52ab9a2b1ca0a89c6da8a0c44e0435382286f6fabcd6eb92d4956b/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-10-21 18:04:41 UTC

File Type:

Binary (Archive)

Extracted files:

164

AV detection:

7 of 41 (17.07%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lrmukncpkkvzuky4ucujy3niudce4bbvharin5x2xtloxewusvvq._file

Result

Malware family:

vidar

Score:

10/10

Tags:

family:vidar botnet:1729 discovery spyware stealer

Link:

https://tria.ge/reports/221028-mfczksfcf2/

Malware Config

C2 Extraction:

http://88.119.169.42:80

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5c5945344f52ab9a2b1ca0a89c6da8a0c44e0435382286f6fabcd6eb92d4956b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

zip 5c5945344f52ab9a2b1ca0a89c6da8a0c44e0435382286f6fabcd6eb92d4956b

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2389389/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample