MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70
SHA3-384 hash: f1307075d145d1e5b961013ccfb3d76de835d99d2a611501ce615cd1d9fdb6f4326f4bc8ab871cf994954e35bcaa43c4
SHA1 hash: 8f52731e2913457773a9724529d08d5f54a11582
MD5 hash: ae16130af106856588001be62feb872a
humanhash: eight-fix-solar-triple
File name:ae16130af106856588001be62feb872a
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:1'297'920 bytes
First seen:2021-07-26 00:15:28 UTC
Last seen:2021-07-26 00:51:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c979fe0c05658311ec9697759161e91d (1 x ArkeiStealer)
ssdeep 3072:NgGyv3OFws+k3L5mU6jY9A+6bTpiIHLjLmNo5fq5pWj7MLfJU7Z9LXUoPxwAnjak:NgFveku562Ar/QOPyO5hLo//53tgM
Threatray 304 similar samples on MalwareBazaar
TLSH T17E554B78F6A58877E47E27B5AAD30A7455E0AC44BC50160FA1D20E3B3EFE3E1BD1A405
dhash icon 3b73494b59595b53 (4 x CoinMiner, 2 x RedLineStealer, 2 x RustyStealer)
Reporter zbetcheckin
Tags:32 ArkeiStealer exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
ae16130af106856588001be62feb872a
Verdict:
Malicious activity
Analysis date:
2021-07-26 00:19:16 UTC
Tags:
opendir stealer loader trojan phishing
Link:
https://app.any.run/tasks/7554f13c-de6f-4f4f-9fad-e2f2298c4d8d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174049/
Detection(s):
SecuriteInfo.com.Trojan.Packed.1164.29972.30873.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f945bed3-dcaa-49e2-acc1-25a264a1672d
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/821593
Signature
Antivirus detection for URL or domain
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
PE file has nameless sections
Performs DNS queries to domains with low reputation
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Ransomware.Cryptor
Create hunting rule
Status:
Malicious
First seen:
2021-07-06 13:01:51 UTC
AV detection:
35 of 46 (76.09%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0768e83e8d36f21ea90867dcf3935ee48795daf2e4a0017979e752b865c95d9e
ArkeiStealer
12f5634cd28b25f6dcde9a1d7902d64ab4ded48b50e06e4ec0f583e03a156125
ArkeiStealer
33b70dd4266c366a2d80bfacb2b1aafdafc74019b0e8a6aa480bd909e73f3a6e
ArkeiStealer
37f96df377557cad9bdb2caa4064bbf4dd862e935a64e1d802d445358695e15c
ArkeiStealer
3cabdecbde62bcbd0f3528e45decf78d85e1b1d827a9cd19bb3cc1371d0cacae
ArkeiStealer
4b550c500aae1686f38edfc7e28fe3a7939b997e01ee73a432c0caa7ea69892b
ArkeiStealer
5389a958986f6ceccaa9e44006852becbccabfb07f126d69e6b031227fb0b487
ArkeiStealer
9dbdfcb4749e6e441ca65cf71d75944cf90111832d10b8048b70cfe084b6e675
ArkeiStealer
b2454961c84e927b086719e0bae8016bee823e17402fb0feca8bda4e63ff009c
ArkeiStealer
f2fcd49dd7ce2e64415e73f5276e813e90d53dea18f5fba68e1c8b55e0c1f631
ArkeiStealer
+ 294 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/210726-w3kmkjq8ye/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Unpacked files
SH256 hash:
287dcc627bc262ad8e95ac7d76a6f51db43757202b0e8153394d0433d5c79e77
MD5 hash:
4792bbf40c76e06b90d67c16827f9eb9
SHA1 hash:
6df6e7b760b5fc72e18797c24fb836efb3ce40e6
Link:
https://www.unpac.me/results/b74b599e-3f49-40c9-8125-6eb96e1d1e74/
SH256 hash:
7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70
MD5 hash:
ae16130af106856588001be62feb872a
SHA1 hash:
8f52731e2913457773a9724529d08d5f54a11582
Link:
https://www.unpac.me/results/b74b599e-3f49-40c9-8125-6eb96e1d1e74/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1481531/
Cape
Cape
https://www.capesandbox.com/analysis/174049/

Comments


Avatar
zbet commented on 2021-07-26 00:15:29 UTC

url : hxxp://185.215.113.32/2.exe