MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e6184155a7fa196577f5b5a03d8f2c4808b14eed19548490324fd9a88553d81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e6184155a7fa196577f5b5a03d8f2c4808b14eed19548490324fd9a88553d81
SHA3-384 hash: 647b7a46a8a0e9aad544de4199e6877058482f026da9423196e1c2477daf47ff5de1473ea917b7a2101aafec0ebc551c
SHA1 hash: c6799257bad2c9c2396eef115dac1465e204c37f
MD5 hash: 3d5abd77de9eb1fbcf454ead3dc98c99
humanhash: nineteen-shade-purple-carolina
File name:3d5abd77de9eb1fbcf454ead3dc98c99.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:1'534'976 bytes
First seen:2021-09-23 06:21:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c32368f78c61cf2d9d6654d89861a9fe (36 x ArkeiStealer)
ssdeep 24576:HBuzcdGnDDLNFX9qOZGPlhOCoNS8M7TRNF8mTWncJ4UdZpK:H2DrXxZwxiURNF8c/7dy
Threatray 195 similar samples on MalwareBazaar
TLSH T1B465E025D281F033D2B3FA38DD969B7F9B387E103914180B6EE82D691B253C1B5197A7
File icon (PE):PE icon
dhash icon 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3d5abd77de9eb1fbcf454ead3dc98c99.exe
Verdict:
Malicious activity
Analysis date:
2021-09-23 06:39:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ab359587-355b-46d5-b000-6465d163f5ff

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/190501/
Detection(s):
SecuriteInfo.com.Adware.Generic4.AANW.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a1c2f3c1-e21e-4e13-ad8d-6fc54eafe530
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/856457
Signature
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e6184155a7fa196577f5b5a03d8f2c4808b14eed19548490324fd9a88553d81/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2021-09-23 06:22:08 UTC
AV detection:
19 of 44 (43.18%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
36d41de43aebe714bd9271beacc32e16b81143dcc6e4db40aaf305bb3a5b6517
ArkeiStealer
57af71329fbcd067e4a0e71b6b6a5ccb22c9ba806843928fcb02196259d34da1
ArkeiStealer
68057c01ea50c5514b856ded8170ba2285ad782f71c27bcc87cb9aaf91da3166
ArkeiStealer
69fb7b86d91b3770791529e3edab3aa7ed335c7cc66c8027f401fd4cd4088034
ArkeiStealer
9f7b738f2ff2ae60844f22c5b4e6e6b42312c2f5f32b3992dc65e5ac6d7a177b
ArkeiStealer
b6178d35d1973c2ed531152fc2f048484525498e4fd2a962b411936679fbd6d2
ArkeiStealer
c7cb069579f314625b34b5fb6ccbba3d84871b5e928b0dab96c96d028a11faaa
ArkeiStealer
e063c47dce8d2f1121ceb4cf4b20688e975646ac831c0e5843d4536d7e1dfbce
ArkeiStealer
e9c16d954e11dae123f981ec7477975abbca8fcbbdbf0a4104eb79ead96ad8c1
ArkeiStealer
fac7d223d096dd7167c78cfb31471434b86f81343b4a2fe86e37c4d9a8079cec
ArkeiStealer
+ 185 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:vidar botnet:1013 discovery spyware stealer
Link:
https://tria.ge/reports/210923-g4x2rsfba6/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Kills process with taskkill
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses 2FA software files, possible credential harvesting
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Vidar Stealer
Suspicious use of NtCreateProcessExOtherParentProcess
Vidar
Malware Config
C2 Extraction:
https://stacenko668.tumblr.com/
Unpacked files
SH256 hash:
7e6184155a7fa196577f5b5a03d8f2c4808b14eed19548490324fd9a88553d81
MD5 hash:
3d5abd77de9eb1fbcf454ead3dc98c99
SHA1 hash:
c6799257bad2c9c2396eef115dac1465e204c37f
Link:
https://www.unpac.me/results/6dd3e1fa-8ea5-402a-a89c-a889852ba3b5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.47
Link:
https://yomi.yoroi.company/submissions/7e6184155a7fa196577f5b5a03d8f2c4808b14eed19548490324fd9a88553d81

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 7e6184155a7fa196577f5b5a03d8f2c4808b14eed19548490324fd9a88553d81

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1627241/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/190501/

Comments