MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e58fc8da8ccaf2d46f5592cb0842894007b9c0cafaac82a87b140f9de8914b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e58fc8da8ccaf2d46f5592cb0842894007b9c0cafaac82a87b140f9de8914b9
SHA3-384 hash: 700b0e2d6abbc56aa0ae8b7b3e20123dc8fa2a81c19bc255abdf8f1c71d9cc07eb3e54877e352187d572e253829dc391
SHA1 hash: 0b03fc7860cfc066fb696dd18b7548a19843bb5c
MD5 hash: 5bbb21a2133f56e833e3a22f36082f23
humanhash: failed-foxtrot-aspen-lake
File name:5bbb21a2133f56e833e3a22f36082f23
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:340'480 bytes
First seen:2021-09-28 21:42:50 UTC
Last seen:2021-09-28 22:47:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 192411e2e19367f41197615b5b42abe3 (4 x ArkeiStealer, 2 x RedLineStealer, 2 x RaccoonStealer)
ssdeep 6144:t0vdkQMe0qB4IaMzQKotYLSfgW6Sj02uZrcAJrGJFvpYBnHSaa1c1:t0vdkdep4Ia2iiLSfgW50nZrjIbvp2n9
Threatray 44 similar samples on MalwareBazaar
TLSH T1F674CF10A7E0C035F4B322F549BAD3B9A93D7DF06B2490CB62D526EA5A356E4EC30357
File icon (PE):PE icon
dhash icon dcf2f8acf8f2ec50 (1 x ArkeiStealer)
Reporter zbetcheckin
Tags:32 ArkeiStealer exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5bbb21a2133f56e833e3a22f36082f23
Verdict:
Suspicious activity
Analysis date:
2021-09-28 21:43:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3565c59b-6277-473a-8499-80f30e95b253

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/192733/
Detection(s):
SecuriteInfo.com.Packed-GDT5BBB21A2133F.11662.27409.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5bfe4d94-ba8d-444d-a2f6-de51cb070ae8
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/860301
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 492731 Sample: bnBY1m78X1 Startdate: 28/09/2021 Architecture: WINDOWS Score: 52 34 Multi AV Scanner detection for submitted file 2->34 36 Machine Learning detection for sample 2->36 7 bnBY1m78X1.exe 1 2->7         started        process3 process4 9 WerFault.exe 9 7->9         started        12 WerFault.exe 9 7->12         started        14 WerFault.exe 9 7->14         started        16 4 other processes 7->16 file5 22 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 9->22 dropped 24 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 12->24 dropped 26 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 14->26 dropped 28 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->28 dropped 30 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->30 dropped 32 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 16->32 dropped 18 taskkill.exe 1 16->18         started        20 conhost.exe 16->20         started        process6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e58fc8da8ccaf2d46f5592cb0842894007b9c0cafaac82a87b140f9de8914b9/
Threat name:
Win32.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2021-09-28 21:43:06 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2c2cacb6f2ccce322ac72f5faf7d3dd612dbfb3b6209c6603692e4e9189d29d3
ArkeiStealer
42c5516e5e0e5c86be1240a83a95afabc8830c975d0b784f43b8eedc692330c9
ArkeiStealer
6ef9af06422a0b2cc70ae23b0439edf9b8e950c91596087cd537d6435c9c85e4
ArkeiStealer
79d1a0d0bd8b5672374ab7c97365a6b0276efc6755900cdbdcdb77019e69457a
ArkeiStealer
84b57d3d7fdabaebcd85cf01dbf14b9cb94e08fe081abcb60b218c1298c55995
ArkeiStealer
8d53be201d501a00295678466c9fe32c1a972faa705cd6b24636f789a349bb73
ArkeiStealer
cd8076d813038ef3a2a527e4d1a126da089b11eb61da11636cb67fc110e42baf
ArkeiStealer
dd5f95493c1963e9906cc31fbdc68be1220449dc163bc6d3afebd6e1e685ec0d
ArkeiStealer
e045b4a1c9f6640814f6e39903e1f03f2c7f1e3b3d1c6dbf07a409732655eff4
ArkeiStealer
e390ebfd3537c9b4210916f4e7762e4c12b5fc8825c93e65e3f01fc9f44ac16b
ArkeiStealer
+ 34 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210928-1kw5xadcaq/
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Unpacked files
SH256 hash:
393447aa843f148cd22e887d1eda74062785f0b4a6f098fbcb0d024b5aa23e4e
MD5 hash:
07f99f9e2df157ae78339603186ac280
SHA1 hash:
cb295687ae130d85061676471abcaa5f60df4198
Link:
https://www.unpac.me/results/68a8c7ae-de66-452b-ad61-75438d7fd178/
SH256 hash:
8e58fc8da8ccaf2d46f5592cb0842894007b9c0cafaac82a87b140f9de8914b9
MD5 hash:
5bbb21a2133f56e833e3a22f36082f23
SHA1 hash:
0b03fc7860cfc066fb696dd18b7548a19843bb5c
Link:
https://www.unpac.me/results/68a8c7ae-de66-452b-ad61-75438d7fd178/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8e58fc8da8ccaf2d46f5592cb0842894007b9c0cafaac82a87b140f9de8914b9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_XORed_Mozilla
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed keyword - Mozilla/5.0
Reference:Internal Research
Rule name:SUSP_XORed_Mozilla_RID2DB4
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed keyword - Mozilla/5.0
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 8e58fc8da8ccaf2d46f5592cb0842894007b9c0cafaac82a87b140f9de8914b9

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/192733/

Comments


Avatar
zbet commented on 2021-09-28 21:42:52 UTC

url : hxxp://194.145.227.159/pub.php?pub=two/