MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62f841f2fc669ffb71740a3ab29e8a9608f5296ee989e07516f88b7645f3f18d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 4

Intelligence 4 IOCs YARA 2 File information Comments

SHA256 hash:	62f841f2fc669ffb71740a3ab29e8a9608f5296ee989e07516f88b7645f3f18d
SHA3-384 hash:	cc7029d902d5f0ed9d5f6617487e4046e64e48e3595544c31faa762b6f42d158fefe8bb4165c6fcd4336da0946f1dddb
SHA1 hash:	fc12407ef463d0ce56fddcdc89bc0189c239f20d
MD5 hash:	8a840f5a484e13eed591e5e2903eb2cf
humanhash:	sweet-angel-freddie-tango
File name:	8a840f5a484e13eed591e5e2903eb2cf.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	355'786 bytes
First seen:	2020-06-29 07:19:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	024777d75038b97f307787d38439e499 (2 x ArkeiStealer)
ssdeep	6144:6DyToo4yRfE+KzE3/i4c0gX0clwaGgKl/JnJNQmnyt/0Ql:6Pse+KzE3RcryaGgCBJJydJ
Threatray	8 similar samples on MalwareBazaar
TLSH	F5749E1D73E48730E1828AB011E69374969FF5385A5A6E1EE3C39B1834E19D1BB363D3
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/15532/

Detection(s):

SecuriteInfo.com.Mal.VBCheMan-C.22886.23221.UNOFFICIAL

SecuriteInfo.com.Mal.VBCheMan-C.21619.30807.UNOFFICIAL

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/62f841f2fc669ffb71740a3ab29e8a9608f5296ee989e07516f88b7645f3f18d/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2020-06-29 06:21:36 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ml4ed4x4m2p7w4lubi5lfhuksyepkklo5ge6a5iw7cfxmrpt6ggq._file

Verdict:

malicious

ArkeiStealer

0e63648bfd0943ee88abab80717d3a3477c485bdc53e93c40c1183eb196f53b3

ArkeiStealer

0fc1100eb083ce6f3b25e85af328e2b3c70f3bb7d62090c86d467c706b816e1f

ArkeiStealer

3700f2c5fe27c80e41984b2a55f236655a09f0781c05b265bccb26165318d78a

ArkeiStealer

470f7e4b374c37aeb60ce012b83d1da04899dbeda81f6a1799aadefc7789f5e6

ArkeiStealer

4860f303cff9925131edb7ce8b5ac727869bf318a88aecb3a31a258f2679de5c

ArkeiStealer

5ef7ff9bda8ff5f5b6154a27e1f37a51f01fd56e2e37aeb1ac71d1d6bf6a20c1

ArkeiStealer

e91568f40d148d2bdf04cf14156febbbb0d72e10b876c38d0900e0a66cb8706f

ArkeiStealer

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/200629-s7j6krxs1x/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Maps connected drives based on registry

Uses the VBS compiler for execution

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	win_oski_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

Rule name:	win_vobfus_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator