MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71afc45f296c232c605e7e18e5303e59efefedc94f3a3c47c6e91ca46d586ce7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 71afc45f296c232c605e7e18e5303e59efefedc94f3a3c47c6e91ca46d586ce7
SHA3-384 hash: 94edd2680f31a13f227ba9358e124d890cb9fc46c7648b03f25f9f43392c50b7ac3c4d80c69b0c1266635145c2b40f72
SHA1 hash: 326e063932815cc7d321b47e568088b50e81ea84
MD5 hash: ce5137f3494f3ce381cb0f2bfe5ce4d9
humanhash: avocado-vegan-colorado-cold
File name:ce5137f3494f3ce381cb0f2bfe5ce4d9.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:300'544 bytes
First seen:2021-10-01 06:56:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7fd6de8b7ac14820eae90d7350ac48ac (5 x RaccoonStealer, 4 x RedLineStealer, 3 x Tofsee)
ssdeep 6144:TeilkGgZzN076qNmCqJL60YOOhxxdeTr/ekI:7TgZzS7tNqL60+zxd6L
Threatray 490 similar samples on MalwareBazaar
TLSH T16954AE0C7682DFE2D67605F1EB86C7E0496CBD2C5E6A764B3B98731E3E3D3919A11201
File icon (PE):PE icon
dhash icon 4839b234e8c38890 (121 x RaccoonStealer, 54 x RedLineStealer, 51 x ArkeiStealer)
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ce5137f3494f3ce381cb0f2bfe5ce4d9.exe
Verdict:
Malicious activity
Analysis date:
2021-10-01 07:04:15 UTC
Tags:
trojan stealer loader
Link:
https://app.any.run/tasks/34d4f9fd-c170-4ee5-b085-b08fb34018c3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/193904/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.29607.32199.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Connection attempt
Sending an HTTP GET request
Modifying an executable file
Creating a file
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/937770e0-e15b-4f10-846d-03fc2d7f2741
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/862530
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Self deletion via cmd delete
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/71afc45f296c232c605e7e18e5303e59efefedc94f3a3c47c6e91ca46d586ce7/
Threat name:
Win32.Trojan.Sabsik
Create hunting rule
Status:
Malicious
First seen:
2021-10-01 06:57:50 UTC
AV detection:
17 of 45 (37.78%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2e14b592904e292539d9fc9d57a06df31676d5645ebaa49ebe129044d2d3baa3
ArkeiStealer
5a2eff9610a0bdc09557cd54e9ad7e5b93b930359a8e322fb479ab7b1e20cf7d
ArkeiStealer
70d2439d21209fcc393ca4989fbe1d5966c651345ad9b38bab512dbe9861e2bb
ArkeiStealer
b944023d535bc8e5980173e203cee0d2fc2df9e865b4a06fc0694436ce5b6541
ArkeiStealer
c28e190666a5967096f8c8e3ecd3a62e502fe84eb300113faa3fe06575ea118b
ArkeiStealer
ccbded51600db440d54831ff724cf0e988220da4cd069244ade361c959b8c852
ArkeiStealer
d4928b68e9f811d65718737a7eea99963cc2b9778fb127151e610868fcb9de7e
ArkeiStealer
e29a1c1188926719adc1bece4f4e828ac78c0aaca2cb01e141e6cf7ca5539e6b
ArkeiStealer
edf6beb88780fb3085332f843b73418f52bbf095265dad631cf8e187644cb565
ArkeiStealer
f3caecffb11faf28d31a3f30e39511ab1dbbce621259b73172d94f9a75962d1c
ArkeiStealer
+ 480 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei discovery spyware stealer
Link:
https://tria.ge/reports/211001-hqx1aabag7/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Arkei Stealer Payload
Arkei
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
885315bdd2717ac37c838f30a380a4ec39e2a8cb16fa1c5f775d9094a77583bc
MD5 hash:
155a708e998d5fabf8d9ec57c6e9c092
SHA1 hash:
276d2b786bf9f67a389465c569f744a19fbef108
Link:
https://www.unpac.me/results/e64e37cd-2687-4d54-8dbe-0cb66fade799/
SH256 hash:
71afc45f296c232c605e7e18e5303e59efefedc94f3a3c47c6e91ca46d586ce7
MD5 hash:
ce5137f3494f3ce381cb0f2bfe5ce4d9
SHA1 hash:
326e063932815cc7d321b47e568088b50e81ea84
Link:
https://www.unpac.me/results/e64e37cd-2687-4d54-8dbe-0cb66fade799/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/71afc45f296c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/71afc45f296c232c605e7e18e5303e59efefedc94f3a3c47c6e91ca46d586ce7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 71afc45f296c232c605e7e18e5303e59efefedc94f3a3c47c6e91ca46d586ce7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1603785/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/193904/

Comments