MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ea70d1ccacc9fde5a0f1cf02273de35c8db3fdcf6ec8d5da788fed041a742ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ea70d1ccacc9fde5a0f1cf02273de35c8db3fdcf6ec8d5da788fed041a742ac
SHA3-384 hash: 0bfefa4512c52b6b303a42e21ffe34414c114a2cc72a60ddf1075637e275ae6644e4d04e26a506f2c77c9e16c4ee92f9
SHA1 hash: f2746404d73e04a896a9f1c752b9ae1c36d17a08
MD5 hash: b4250a21138df77de5d84f697e4f0110
humanhash: pip-alaska-edward-arkansas
File name:b4250a21138df77de5d84f697e4f0110
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:2'264'576 bytes
First seen:2021-09-12 13:49:14 UTC
Last seen:2021-09-12 15:23:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 80760f8671889494697e288805e9c013 (1 x ArkeiStealer)
ssdeep 49152:WPkgSd2dvllTSUfbfPFyaNLza/Umc4vNWq:WPrSd2dLTSWbnxgVWq
Threatray 444 similar samples on MalwareBazaar
TLSH T1EFA57D33B2C18437C0772A3CDD1B6A5D592ABE212D38944B7BE41E4C1E39691BD2D2DB
dhash icon 70f0c9e0dcd8d8de (3 x RedLineStealer, 2 x CoinMiner, 2 x DCRat)
Reporter zbetcheckin
Tags:32 ArkeiStealer exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
174
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b4250a21138df77de5d84f697e4f0110
Verdict:
Malicious activity
Analysis date:
2021-09-12 13:51:52 UTC
Tags:
opendir stealer loader trojan
Link:
https://app.any.run/tasks/6813c263-ac97-4b76-9b08-f5708520e0a1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/187138/
Detection(s):
SecuriteInfo.com.UDS.Trojan-Spy.Win32.Stealer.gen.29125.26010.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Connection attempt
Sending an HTTP GET request
Modifying an executable file
Creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware keylogger
Link:
https://www.filescan.io/uploads/6174f7e2a9d585e6d537048b/reports/44550c53-9c85-4dd2-ba2d-27ea5591b996/overview
Malware family:
Induc
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/330c189f-e5f3-4a4a-9b07-0fee7b62597a
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/849379
Signature
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5ea70d1ccacc9fde5a0f1cf02273de35c8db3fdcf6ec8d5da788fed041a742ac/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-09-12 13:50:07 UTC
AV detection:
8 of 28 (28.57%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
111dd17966a5f7058eb1cfc468c1d062602437a69694aa05eff97d121d611408
ArkeiStealer
120a50bdd5effe67ea0270aa7f938039e7a5e6a589a13e9371e381f4d1518dcd
ArkeiStealer
341970fa08050ae3de11bf7d13c9f76f818298c1f8af73e285fc56a0bb12b77b
ArkeiStealer
3d59ac598ad756cfa7d56ea28d85071266ccfbcec2bc952600ff82fec99d633c
ArkeiStealer
3e46c3912ced6d4821bb215ad4feb1711e3f0becaae258899ce77037c648048a
ArkeiStealer
66a4ad6ad86ac5cc502368cdd94be1164da5fb4da4b2c2048a09c1c37b175f40
ArkeiStealer
7173381414ec85250c6bd3c9b803f2d49b98a7826c8aeea37d9328d5e74d7fb6
ArkeiStealer
7fb3e8a0c4b50a519c283a7b7702ccd23c38e78dc251d32b120d8e8a89f87b49
ArkeiStealer
f3caecffb11faf28d31a3f30e39511ab1dbbce621259b73172d94f9a75962d1c
ArkeiStealer
+ 434 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei discovery spyware stealer
Link:
https://tria.ge/reports/210912-q49v1accg4/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Arkei Stealer Payload
Arkei
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
5ea70d1ccacc9fde5a0f1cf02273de35c8db3fdcf6ec8d5da788fed041a742ac
MD5 hash:
b4250a21138df77de5d84f697e4f0110
SHA1 hash:
f2746404d73e04a896a9f1c752b9ae1c36d17a08
Link:
https://www.unpac.me/results/649d219f-ea37-4df0-b107-047879058096/
Malware family:
CryptOne
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/5ea70d1ccacc/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 5ea70d1ccacc9fde5a0f1cf02273de35c8db3fdcf6ec8d5da788fed041a742ac

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/187138/

Comments


Avatar
zbet commented on 2021-09-12 13:49:15 UTC

url : hxxp://37.0.10.214/WW/fileT.exe