MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8104ca049d63de80339bf38af00601a25405fcc84a7a1df39001d21f1c71f8eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8104ca049d63de80339bf38af00601a25405fcc84a7a1df39001d21f1c71f8eb
SHA3-384 hash: 4630b53560a8e23df8a7acca36c1e5c0d85bd5b6777e4b725ef25a8138217af8ee5deaf5f840aa7e48ed6ec16893d496
SHA1 hash: 684888f059ddc273897d8bbd31dd5d48c411c754
MD5 hash: 2c6025fca82aff7f120e5cf208113372
humanhash: venus-mars-robin-carpet
File name:2c6025fca82aff7f120e5cf208113372.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:516'608 bytes
First seen:2021-09-29 07:04:30 UTC
Last seen:2021-09-29 08:12:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 82a23cbb1daea9d25c08002280929c3d (1 x ArkeiStealer)
ssdeep 3072:wGOTkZLxl8On9UUnArw+ZEUzZELeUoPxwAnjaPM76DBQ+E0RqfUE+kvHTz96K6SN:reY4kLvBlRqfR+2Tz96KncK
Threatray 480 similar samples on MalwareBazaar
TLSH T125B43C78E241DE2BE47D2B78A6DB0E62556278C870008A4FD3A10EDF7F5E7E67C0A145
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
071f6bd61aef9f209be1bfb16ef1fb14bd44804fcab511b129deeb7822948ef9.exe
Verdict:
Malicious activity
Analysis date:
2021-09-29 03:26:13 UTC
Tags:
trojan evasion phishing opendir loader stealer vidar rat redline
Link:
https://app.any.run/tasks/2474f6df-9754-4dfa-a8ad-59e9cc2c659e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/192846/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.47068357.10813.15184.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/339d6650-8c64-4467-ade0-b498c92fe83e
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/860924
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8104ca049d63de80339bf38af00601a25405fcc84a7a1df39001d21f1c71f8eb/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-09-28 12:16:04 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2e14b592904e292539d9fc9d57a06df31676d5645ebaa49ebe129044d2d3baa3
ArkeiStealer
5a2eff9610a0bdc09557cd54e9ad7e5b93b930359a8e322fb479ab7b1e20cf7d
ArkeiStealer
70d2439d21209fcc393ca4989fbe1d5966c651345ad9b38bab512dbe9861e2bb
ArkeiStealer
b3c5e8250ec320fd546df876a5be7ca4e9a70696dc2373ce5ff670def95d5238
ArkeiStealer
b944023d535bc8e5980173e203cee0d2fc2df9e865b4a06fc0694436ce5b6541
ArkeiStealer
c28e190666a5967096f8c8e3ecd3a62e502fe84eb300113faa3fe06575ea118b
ArkeiStealer
ccbded51600db440d54831ff724cf0e988220da4cd069244ade361c959b8c852
ArkeiStealer
d4928b68e9f811d65718737a7eea99963cc2b9778fb127151e610868fcb9de7e
ArkeiStealer
e29a1c1188926719adc1bece4f4e828ac78c0aaca2cb01e141e6cf7ca5539e6b
ArkeiStealer
edf6beb88780fb3085332f843b73418f52bbf095265dad631cf8e187644cb565
ArkeiStealer
+ 470 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei discovery spyware stealer
Link:
https://tria.ge/reports/210929-hwh4baeafm/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Arkei Stealer Payload
Arkei
Unpacked files
SH256 hash:
5401ea92b64140db2b5cba0d9ad93f10a9b46e9e4d43f0a9fe75e7ea748d2dfe
MD5 hash:
eb7699982c1b8f75e97acb8f3026a019
SHA1 hash:
71458cfeaa2f3fc9babba44181e24684548d4e00
Link:
https://www.unpac.me/results/bb300bc4-5fe7-40de-b6e6-70d96141f740/
SH256 hash:
8104ca049d63de80339bf38af00601a25405fcc84a7a1df39001d21f1c71f8eb
MD5 hash:
2c6025fca82aff7f120e5cf208113372
SHA1 hash:
684888f059ddc273897d8bbd31dd5d48c411c754
Link:
https://www.unpac.me/results/bb300bc4-5fe7-40de-b6e6-70d96141f740/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/8104ca049d63/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8104ca049d63de80339bf38af00601a25405fcc84a7a1df39001d21f1c71f8eb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 8104ca049d63de80339bf38af00601a25405fcc84a7a1df39001d21f1c71f8eb

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/192846/
  
URLhaus
https://urlhaus.abuse.ch/url/1642857/
  
Delivery method
Distributed via web download

Comments