MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7248563d27d6963821e6e2536510681ada58cad62969cfa1f7d835ba1694ad20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7248563d27d6963821e6e2536510681ada58cad62969cfa1f7d835ba1694ad20
SHA3-384 hash: daa14a26be7022accceaa789995151be47aff976e77f11774752810c3e58065d44892323ba318570e803292aee555b4f
SHA1 hash: 3c65b90e1fd975ec17110a7e10067ae044232c36
MD5 hash: 6d333f6879aad330d10e6fa243bd9538
humanhash: autumn-kilo-pizza-pip
File name:7248563d27d6963821e6e2536510681ada58cad62969cfa1f7d835ba1694ad20
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:334'848 bytes
First seen:2022-05-06 08:15:24 UTC
Last seen:2022-05-06 08:39:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3b1460c086d18e8083905953059d9e3d (2 x ArkeiStealer, 1 x TeamBot, 1 x RedLineStealer)
ssdeep 6144:Go/aULObju+Ldc6TW3uqiYmimW511LS+jI2KWw59:GJ7bS8dc6T1FYp9v1+6KV9
Threatray 414 similar samples on MalwareBazaar
TLSH T1FB64C010BB90C035F1B722F09A7AC279B52D7EB15B2951CB62D52AEE57356E0EC3031B
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon b2dacabecee6baa2 (33 x RedLineStealer, 30 x Smoke Loader, 28 x Stop)
Reporter JAMESWT_WT
Tags:ArkeiStealer exe micrwa-link

Intelligence

File Origin
# of uploads :
2
# of downloads :
249
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
arkei
Create hunting rule
ID:
1
File name:
7248563d27d6963821e6e2536510681ada58cad62969cfa1f7d835ba1694ad20
Verdict:
Malicious activity
Analysis date:
2022-05-06 08:35:20 UTC
Tags:
arkei
Link:
https://app.any.run/tasks/d8c5729d-9a60-46b9-adc3-b8422db23812

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/269024/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader44.58517.12903.8250.UNOFFICIAL
Create hunting rule

Win.Packed.Dropperx-9949379-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/16503/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/6274d927be0219041a733369/reports/cd9b271b-6fec-4c51-a6a0-f738717ff0cb/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Oski Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9f88c583-0dfc-4e72-8983-9ee7daaf6fd7
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/988958
Signature
Antivirus detection for URL or domain
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found evasive API chain (may stop execution after checking computer name)
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7248563d27d6963821e6e2536510681ada58cad62969cfa1f7d835ba1694ad20/
Threat name:
Win32.Spyware.RedLine
Create hunting rule
Status:
Malicious
First seen:
2022-05-05 21:47:58 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
27 of 41 (65.85%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
088e9030bc73a47f4deeef9a332690a9568907a1858c5d957924a85b90fbc88a
ArkeiStealer
499656d285442a548d0f0356a414b5c50b7bd7815db52e845cf8729cd4bcc9bc
ArkeiStealer
4def4ad12c7aab38e6248c20e211272f1c920a0295c8beda6228543e58c2129c
ArkeiStealer
5760219348f8e2b162a4ed4c764d9d8c7333b2af9e97e1d437ff21a3da0e1061
ArkeiStealer
63fed261af5fb2e1eb439256eba9b6f96bbb9e2ee97c7f8211c5f60992f5a7e0
ArkeiStealer
a0fa31bcae15a52955443b7d0c7032cd970b9a52bb3c8642e37c2ea81519832f
ArkeiStealer
aedd3ab9ebad560ccd8f02129fd585ddeac9a9e921c9dbcb42beefb724bba10e
ArkeiStealer
df4876573295b4e7beb618db31a015ea617f61b811978bb168d432c4052f7731
ArkeiStealer
ee52d8834cce35ee8287c44108bd9f6fca35dc7ffa15ec2b699e254c1818ee18
ArkeiStealer
fcec85746f0f2a92b1268830d6d0b075eb9080707358b93ba5fbd917b1a0a8ea
ArkeiStealer
+ 404 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei botnet:default stealer
Link:
https://tria.ge/reports/220506-j55jcahfc2/
Behaviour
Arkei
Unpacked files
SH256 hash:
377ab5005e53f4e6d61bd723c0f91a1b6b0b60b59dbb211759b9aefb1da66bec
MD5 hash:
3e444a684bf28f929620f9ad283f03eb
SHA1 hash:
8cd664fd6ef9d5abe6fdb3ed6d55729a8a20d5b5
Link:
https://www.unpac.me/results/13956443-f0fd-44c4-9163-757ff8b03cde/
SH256 hash:
b717f81e49db713d87389766e35b00947276e2c638388fb929e7217a806e1ccd
MD5 hash:
501a95d0a811db288e8abfcf1d3f1571
SHA1 hash:
8d3933f97f2745355f3205610eb09aba39c1c8af
Link:
https://www.unpac.me/results/13956443-f0fd-44c4-9163-757ff8b03cde/
SH256 hash:
7248563d27d6963821e6e2536510681ada58cad62969cfa1f7d835ba1694ad20
MD5 hash:
6d333f6879aad330d10e6fa243bd9538
SHA1 hash:
3c65b90e1fd975ec17110a7e10067ae044232c36
Link:
https://www.unpac.me/results/13956443-f0fd-44c4-9163-757ff8b03cde/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7248563d27d6963821e6e2536510681ada58cad62969cfa1f7d835ba1694ad20

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/269024/

Comments