MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 886eb07af379b0e85daff71698af32d2446f3af6f3a813ac7d71060a4639719f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ArkeiStealer
Vendor detections: 9



SHA256 hash: 886eb07af379b0e85daff71698af32d2446f3af6f3a813ac7d71060a4639719f
SHA3-384 hash: e8068d1f492c134f51f6989686d91dc4feaa3f1472b882fdb513d2c0e4e663960636a2f5da310479b2a80f631df65a7c
SHA1 hash: 6ffaac587de03785c65d27c6ee42404a762378eb
MD5 hash: 700ef938c9a4cb88f83ff466309ebe75
humanhash: zebra-shade-alaska-monkey
File name: Kaspersky Internet Security crack.exe
Signature: ArkeiStealer
File size: 2'554'797 bytes
First seen: 2022-06-05 13:10:17 UTC
Last seen: 2022-06-05 13:43:36 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5dd6748a8bf8c3a3d51aac89447af978 (11 x RedLineStealer, 8 x ArkeiStealer)
ssdeep: 49152:qMgoOtAyhVhYi2vCefT1DKsY0/vm+6JQI:qMgoOtAyhVhYiDefT12sY03k
Threatray: 4'277 similar samples on MalwareBazaar
TLSH: T1B1C51A135A8B0E75DDC27BB4A1CF633A9734EE30CA2A9B7FF609C53559532C4681A702
TrID:
  33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
  13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
  9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: JaffaCakes118
Tags: ArkeiStealer exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 446
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: https://www.mediafire.com/file/mq35rgbf7kfgk1w/Roblox_Executor_download.rar/file
Verdict: Malicious activity
Analysis date: 2022-06-05 06:46:45 UTC
Tags: trojan stealer loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Launching a process
Searching for synchronization primitives
Creating synchronization primitives
Launching the default Windows debugger (dwwin.exe)
DNS request
Sending an HTTP GET request
Creating a file
Reading critical registry keys
Creating a window
Stealing user critical data
Unauthorized injection to a system process
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug babar overlay packed redline spyeye wacatac
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Spyware.RedLine
Status: Malicious
First seen: 2022-06-05 09:35:16 UTC
File Type: PE (Exe)
AV detection: 18 of 24 (75.00%)
Threat level: 2/5

Result
Malware family: n/a
Score: 10/10
Tags: spyware stealer suricata
Behaviour
Checks processor information in registry
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Accesses 2FA software files, possible credential harvesting
Accesses cryptocurrency files/wallets, possible credential harvesting
Loads dropped DLL
Reads local data of messenger clients
suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Unpacked files
SHA256 hash: 2a9fd76412a9062cb5f5faaa1079da469ea1a9b1b1b01a381a3837d26d5bbd81
MD5 hash: 595deb7a1a4ed2cc6af8e01c2f825919
SHA1 hash: 0b5133c8e43a9d46a3bc03f8f540bbaf15ee7e9a

SHA256 hash: 886eb07af379b0e85daff71698af32d2446f3af6f3a813ac7d71060a4639719f
MD5 hash: 700ef938c9a4cb88f83ff466309ebe75
SHA1 hash: 6ffaac587de03785c65d27c6ee42404a762378eb
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: ArkeiStealer
File type: Executable exe
SHA256: 886eb07af379b0e85daff71698af32d2446f3af6f3a813ac7d71060a4639719f (this sample)

Distributed via web download
