MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 837d4db80b053556a26fcb2ee3aa58b7aacf1f1f6f58be8552982c30325f732b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
ArkeiStealer
Vendor detections: 4
| SHA256 hash: | 837d4db80b053556a26fcb2ee3aa58b7aacf1f1f6f58be8552982c30325f732b |
|---|---|
| SHA3-384 hash: | b85db4e24accc0c7b9fc7452f3f1bade94e74ec7067f21f013ae2816028a13fe5860a4640fd3bde2ccf3659d4e2ea192 |
| SHA1 hash: | c47d8cf285caadda39031a08970bd90701773afa |
| MD5 hash: | 933b2a190a81c98cc2f495ac670b9240 |
| humanhash: | iowa-missouri-jersey-twenty |
| File name: | xxx.rar |
| Signature | ArkeiStealer |
| File size: | 5'179'980 bytes |
| First seen: | 2022-11-24 06:11:46 UTC |
| Last seen: | Never |
| File type: | rar |
| MIME type: | application/x-rar |
| Note: | This file is a password protected archive. The password is: 1234 |
| ssdeep | 98304:CAsRCI4VxNu6u+VJ8A5SZx6RktBW3itI3jXp2c7DAK6/KytxaZ8HXvK4lF9UGpzj:lsR14fNB34Lxg3uuj52cP6TaZ83vK6lj |
| TLSH | T1B43633050544BC8E0E27CE9E4DCA566BE847AD76F50CD8483A366BAD61FF86C1031F9E |
| TrID | 58.3% (.RAR) RAR compressed archive (v-4.x) (7000/1) 41.6% (.RAR) RAR compressed archive (gen) (5000/1) |
| Reporter | |
| Tags: | ArkeiStealer Evilcrackz file-pumped pw-1234 rar vidar |
Indicators Of Compromise (IOCs)
Below is a list of indicators of compromise (IOCs) associated with this malware sample.
| IOC | ThreatFox Reference |
|---|---|
| http://88.198.106.9/ | https://threatfox.abuse.ch/ioc/1023376/ |
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 334 |
| Origin country: | TH |
File Archive Information
This file archive contains 23 file(s), sorted by their relevance:
| File name: | Japanese.ini |
|---|---|
| File size: | 94'046 bytes |
| SHA256 hash: | 9077b41d743ed6af51cd9b8aedaebb6d1e0e6217825635a1aa9451994efaff0f |
| MD5 hash: | 36d47bfae8d0d48d56b7b1feb3b317e7 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Swedish.ini |
|---|---|
| File size: | 106'964 bytes |
| SHA256 hash: | f1ee3b2de54ee588813a7dbffca7e7607bbb769c763cdf73ccd600e06346fe1d |
| MD5 hash: | d0280eb9ebf7e5f9b91dc0e405bd7178 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Thai.ini |
|---|---|
| File size: | 106'098 bytes |
| SHA256 hash: | 172276c875a496c173b349e24f7dec66ddda24f6a424120a13de73ef5e70ba07 |
| MD5 hash: | b193d9eacf4afac3199e11b4f4cb6572 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Korean.ini |
|---|---|
| File size: | 94'172 bytes |
| SHA256 hash: | ad556989f6e4a683d9668e41d2d7175b7b46847c2eef26188b9075fc600d0132 |
| MD5 hash: | efae0c78be2abe2920c78b9d4785ab45 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Slovak.ini |
|---|---|
| File size: | 111'936 bytes |
| SHA256 hash: | b5b2f7fc1c62f1c8161ec59af79cf5e8f12cb0070264703087dcc5cb58e7352a |
| MD5 hash: | fcba4d2df72a46575ca828c807224431 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Danish.ini |
|---|---|
| File size: | 109'980 bytes |
| SHA256 hash: | 59df77a75aca7c0a8574f6d4b5be5632908c4fea8634f4748e36ff6fee40e317 |
| MD5 hash: | 5f50b22de0efb245cd3b8f2fb50a6d3d |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Vietnamese.ini |
|---|---|
| File size: | 108'398 bytes |
| SHA256 hash: | 7b939fb24a88a01b1e45b37427dccb8a319cead04fd012136551f36b4363e887 |
| MD5 hash: | 9ee05121e1a02efeec015669d96161eb |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Uzbek.ini |
|---|---|
| File size: | 79'716 bytes |
| SHA256 hash: | af11b0cbdcb67ddc024272d45d098cf1da8a21661fe9f6fb7a0239d0c6684531 |
| MD5 hash: | 29dc4e77b361bbce2780610edf092861 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Norwegian.ini |
|---|---|
| File size: | 106'850 bytes |
| SHA256 hash: | 1c99b7b06af0d5ac5582f00447fbe04e2325e173666cba8ce2d18678f7b31e3b |
| MD5 hash: | 5cf9c294bd9d233d95e54e198bd8b4ab |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Croatian.ini |
|---|---|
| File size: | 107'972 bytes |
| SHA256 hash: | 5bf2b70edb78073f3ce4fe6d809a3a25c982cb2840b8ebaf4367ebc42f16bd3e |
| MD5 hash: | 8477123868f12632d652c6da5df683c2 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Indonesian.ini |
|---|---|
| File size: | 108'516 bytes |
| SHA256 hash: | 9e52e0b1f7ec39a36e2edd0231dc98865de8524a651fcf6b1b948a575e35fd0f |
| MD5 hash: | d944d8a3551719a176db4da31733ab75 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Finnish.ini |
|---|---|
| File size: | 109'246 bytes |
| SHA256 hash: | eb6cd045c3899f7ca4a7ecd4e8211478720206b3e607ab21c22e164f4c684510 |
| MD5 hash: | 09abf1d7277a388b362c7c94012c9655 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | UyghurLatin.ini |
|---|---|
| File size: | 111'572 bytes |
| SHA256 hash: | d517f3322a43292dbb241597353ad01013ee3be86d666c83d87c0eda4f56f926 |
| MD5 hash: | 98eb38cef87e8fa6e6d2619577d4265f |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Kazakh.ini |
|---|---|
| File size: | 108'542 bytes |
| SHA256 hash: | 1fde00989b3baeb67e6b1f8654cd2fc7216a40a4c5a5a9a64d03d47ee95e76be |
| MD5 hash: | fe2b5687f2de60cb55629fd7f0ca9a21 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | English.ini |
|---|---|
| File size: | 109'732 bytes |
| SHA256 hash: | 0f9d467f6bb6f682c0d1351b26038950c73720f2bfc0741ec1c7bfab2046d75f |
| MD5 hash: | 525ce1c02ca53f9c63cb697ed3aae899 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | TradChinese.ini |
|---|---|
| File size: | 87'816 bytes |
| SHA256 hash: | eb8fc39f2551834010f3748d81e5f842a1b4e27adb87e425b764bb9152b55cb1 |
| MD5 hash: | dc01555f89e044192a9ad584b62e41a7 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Hebrew.ini |
|---|---|
| File size: | 100'292 bytes |
| SHA256 hash: | 42ba655e5b635698995a588f4dd39147be867a0c4b45fd49edc65982b12b9531 |
| MD5 hash: | dbf6973ac46a0adcae8500a16cce4e48 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Ukrainian.ini |
|---|---|
| File size: | 109'418 bytes |
| SHA256 hash: | f1f0c46ed4c136149fd57d9cae512242a023e14dd13d7c633bb4f7bf9ed71343 |
| MD5 hash: | 9482109e20bf801180bbe11e0603c972 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Kurdish.ini |
|---|---|
| File size: | 108'894 bytes |
| SHA256 hash: | 94ac43cb7eb95277db44616a53b23e9174415377b4b3b98a1bdfc98d06a40a4b |
| MD5 hash: | af61b416403963d653f5008aaba82e03 |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Hungarian.ini |
|---|---|
| File size: | 109'800 bytes |
| SHA256 hash: | fe9997629d296908247a2e82da6c369e2ea7eb4c87b12fc7c8d3ecb3e6fc320d |
| MD5 hash: | 7591df7fae4342cbc7a0706e1b28e87b |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | SimpChinese.ini |
|---|---|
| File size: | 88'182 bytes |
| SHA256 hash: | 1bfa864f7012e64f5c1656fc5636ea29e87e2a45b5eb2c31a3b20643fdd8ad4d |
| MD5 hash: | 7aad044a68d89d8bb5a202f8bc69d87c |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Sinhala.ini |
|---|---|
| File size: | 108'584 bytes |
| SHA256 hash: | b6fad3bf2adba7c77641ee1a17ff4cd9e5e9b14bac1b855346c91a286e517504 |
| MD5 hash: | 318ee9a93c4620940f88052b904f05ce |
| MIME type: | text/plain |
| Signature | ArkeiStealer |
| File name: | Setup.exe |
|---|---|
| Pumped file | This file is pumped, i.e. padded with filler bytes to inflate it (here to roughly 420 MB) past the size limits many scanners and sandboxes will process. MalwareBazaar has de-pumped it. |
| File size: | 421'296'824 bytes |
| SHA256 hash: | ddf5cf80eaca67992ac2c5d4ca58116665766352deb9f8e3910d6888338955a6 |
| MD5 hash: | 4497ad136c5c5364211399958e4c2b9f |
| De-pumped file size: | 4'195'840 bytes (Vs. original size of 421'296'824 bytes) |
| De-pumped SHA256 hash: | 9f47198b35478784b38b1094f82d96cb6d50c3edc4a0139ac4ccd9e822c86feb |
| De-pumped MD5 hash: | 93e9a7b6faee87dca18870bc840ba761 |
| MIME type: | application/x-dosexec |
| Signature | ArkeiStealer |
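The Setup.exe entry above shows the effect of pumping: a 421 MB file whose PE content ends after about 4 MB. The Python below, added here as an illustration and not MalwareBazaar's own de-pumping code, parses the PE section table to find where the declared image ends, then strips a trailing run of a single filler byte that lies beyond that point. The assumption that pumping appends one repeated byte (usually 0x00) after the last section is exactly that, an assumption about the common case; if the filler is random or interleaved, the function leaves the file alone and the report's `overlay_size` is the signal that something large is hanging off the end. The `build_constructed_pe` helper fabricates a minimal PE purely as test input.

```python
import hashlib
import struct

SECTION_HEADER_SIZE = 40


def pe_end_offset(data: bytes) -> int:
    """Return the file offset where the PE's declared content ends.

    That is the end of the last raw section (PointerToRawData + SizeOfRawData),
    or the end of the section table if no section carries raw data. Anything
    after this offset is overlay, which is where pumped padding is appended.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_header_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table_off = e_lfanew + 24 + opt_header_size
    end = table_off + num_sections * SECTION_HEADER_SIZE
    for i in range(num_sections):
        off = table_off + i * SECTION_HEADER_SIZE
        # Name(8) VirtualSize(4) VirtualAddress(4) SizeOfRawData(4) PointerToRawData(4)
        _, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return end


def depump(data: bytes, min_run: int = 1 << 20) -> tuple[bytes, dict]:
    """Strip a trailing run of one repeated byte lying past the PE's declared end.

    Heuristic (assumed typical pumping layout, not MalwareBazaar's method): only a
    run of at least `min_run` identical bytes is removed, and never any byte
    inside the section data, so a small legitimate overlay is preserved.
    """
    end = min(pe_end_offset(data), len(data))
    filler = data[-1:]
    run_len = len(data) - len(data.rstrip(filler))
    cut = max(end, len(data) - run_len)
    pumped = run_len >= min_run and cut < len(data)
    result = data[:cut] if pumped else data
    report = {
        "original_size": len(data),
        "pe_end_offset": end,
        "overlay_size": len(data) - end,
        "filler_byte": filler.hex() if pumped else None,
        "stripped": len(data) - len(result),
        "sha256": hashlib.sha256(result).hexdigest(),
    }
    return result, report


def build_constructed_pe(pad: bytes = b"") -> bytes:
    """Constructed minimal PE32 with one .text section; test input only, not runnable."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + pad


if __name__ == "__main__":
    # 3 MiB of null padding glued onto a 1 KiB constructed PE
    sample = build_constructed_pe(b"\x00" * (3 << 20))
    slim, info = depump(sample)
    print(info)
```

On a real sample, compare `report["sha256"]` with the de-pumped SHA256 listed in the table; if your stripping point differs from MalwareBazaar's by even one byte the hashes will not agree, so a mismatch means "different cut", not necessarily "different file".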
Vendor Threat Intelligence
Result
| Verdict: | SUSPICIOUS |
|---|---|
| Detection(s): | Suspicious file |
Result
| Malware family: | vidar |
|---|---|
| Score: | 10/10 |
| Tags: | family:vidar botnet:1364 discovery spyware stealer |
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Accesses 2FA software files, possible credential harvesting
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Vidar
Malware Config
C2 Extraction:
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
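The C2 extraction above yields profile URLs on Telegram and Steam rather than the C2 address itself, so these IOCs cannot be turned into host blocks: t.me and steamcommunity.com carry legitimate traffic. Matching has to be exact on the path, while the bare IP from the ThreatFox table can match any path. The Python below is an added example, not MalwareBazaar or ThreatFox tooling; it compiles the page's IOCs into host/path rules and runs them over proxy log lines. The log format, the internal client IPs, the request paths and the two non-matching URLs are all constructed for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# IOCs taken from this MalwareBazaar page (C2 extraction and the ThreatFox IOC table).
PAGE_IOCS = {
    "http://88.198.106.9/": "https://threatfox.abuse.ch/ioc/1023376/",
    "https://t.me/headshotsonly": "Vidar C2 extraction",
    "https://steamcommunity.com/profiles/76561199436777531": "Vidar C2 extraction",
}


@dataclass(frozen=True)
class IocRule:
    host: str
    path: str  # "" means any path on this host
    ref: str


def compile_iocs(iocs: dict) -> list:
    """Turn IOC URLs into (host, path) rules.

    A URL with no path beyond "/" (here the bare C2 IP) matches any request to
    that host. A URL on a shared platform keeps its path so the rule flags only
    that profile, not the whole platform.
    """
    rules = []
    for url, ref in iocs.items():
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        path = "" if parts.path in ("", "/") else parts.path.rstrip("/").lower()
        rules.append(IocRule(host, path, ref))
    return rules


def match_url(url: str, rules: list):
    """Return the first rule a request URL hits, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/").lower()
    for rule in rules:
        if host != rule.host:
            continue
        # Exact path or a sub-path; a plain prefix test would also hit
        # /profiles/76561199436777531x, which is a different profile.
        if rule.path == "" or path == rule.path or path.startswith(rule.path + "/"):
            return rule
    return None


def scan_proxy_log(lines, rules: list) -> list:
    """Return (src_ip, url, ref) for each log line whose URL hits a rule.

    Constructed line format: "<timestamp> <src_ip> <method> <url> <status>".
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        _ts, src, _method, url, _status = fields[:5]
        rule = match_url(url, rules)
        if rule is not None:
            hits.append((src, url, rule.ref))
    return hits


# Constructed sample proxy log; hosts 10.0.0.17 / 10.0.0.42 and all paths are made up.
SAMPLE_LOG = """\
2022-11-24T06:20:01Z 10.0.0.17 GET https://steamcommunity.com/profiles/76561199436777531 200
2022-11-24T06:20:02Z 10.0.0.17 GET https://t.me/headshotsonly 200
2022-11-24T06:20:03Z 10.0.0.17 POST http://88.198.106.9/constructed-path 200
2022-11-24T06:21:10Z 10.0.0.42 GET https://steamcommunity.com/profiles/76561199000000001 200
2022-11-24T06:21:11Z 10.0.0.42 GET https://t.me/constructed_channel 200
""".splitlines()


if __name__ == "__main__":
    for src, url, ref in scan_proxy_log(SAMPLE_LOG, compile_iocs(PAGE_IOCS)):
        print(f"{src} -> {url}  [{ref}]")
```

The three hits all come from the same internal client, which is the shape to expect from a Vidar infection: the profile lookups and the first contact with the C2 IP happen within seconds of each other, so correlating on source IP and a short time window is more useful than alerting on each URL in isolation.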
Please note that we are no longer able to provide a coverage score for Virus Total.
| Threat name: | Legit |
|---|---|
| Score: | 0.00 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method | Signature | File type | SHA256 hash |
|---|---|---|---|
| Web download | ArkeiStealer | rar | 837d4db80b053556a26fcb2ee3aa58b7aacf1f1f6f58be8552982c30325f732b (this sample) |
Delivery method
Distributed via web download