MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94a9f0e647538d75f4ce438e0371d246285006324d0caee11360b6092735346b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94a9f0e647538d75f4ce438e0371d246285006324d0caee11360b6092735346b
SHA3-384 hash: 287e410424b8a87e717aecf543ab7652c91bae64d5d402c4bf16783dd6d5cbd8ae5b19e9094b76f42fae2eb1fc1a145c
SHA1 hash: 84647ce6bb9bd4883919beaf0c36e0c63ca7988f
MD5 hash: 8cb5a1e62ee62a62b03ff43681a6a84d
humanhash: sink-bakerloo-fanta-maine
File name:94a9f0e647538d75f4ce438e0371d246285006324d0caee11360b6092735346b
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:511'630 bytes
First seen:2020-03-27 05:46:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c9adc83b45e363b21cd6b11b5da0501f (82 x ArkeiStealer, 60 x RecordBreaker, 46 x RedLineStealer)
ssdeep 12288:pANwRo+mv8QD4+0V16E85++ZaXFdUZwLN4cQzeX7Ldty/8egQ:pAT8QE+kzCaXFdUZYDQzeXS/8eP
Threatray 85 similar samples on MalwareBazaar
TLSH 43B4F234B2418576D0610E36884BC379F53ABB005B7DA8CFB7ED0D6C9D3335A1A653AA
Reporter Marco_Ramilli
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.PSW.Generic8.ISF.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Chapak
Create hunting rule
Status:
Malicious
First seen:
2020-03-24 12:52:07 UTC
File Type:
PE (Exe)
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ssu7bzshkogxl5goiohag4osiyufabrsjugk5yitmc3asjzvgrvq._file
Verdict:
malicious
Similar samples:
06c470803b445fa48419f5840100b63e2248b72e64c6c0ef47c44c07ff36d2a9
ArkeiStealer
1912d659af4fedbc9e143eff5e666ce460a710fd84c83f7a4c4d8170356e578a
ArkeiStealer
2d2d3d7c27bfec647b6a9db28df14308827a652a184886c166a1d128a5f890d8
ArkeiStealer
30ee19d9f9b1e7c313c08903a1d5150461447f5fd989e82a982c1b6462698c4f
ArkeiStealer
341847d9c11face1487ab04072d6ddc5065a379011c6684e56e1f4fa8d8ab3f3
ArkeiStealer
3a7f7b56d9b3c6996f00bd40b7ff5d70e0ce858fc76cc0d89f603a26c34e9e5c
ArkeiStealer
4b3bed149062abeddef6fe68cbb439f5ae3d3044a4870a125f83dfd37c34ca6c
ArkeiStealer
8673fb0671f6ae27bcc17743f4cff730b374ac61f6542117a5b6b34d44e17809
ArkeiStealer
cd2fb19598084681b5fe849bf1cdbabb07325de447d8150463d189440e10932d
ArkeiStealer
d5445db0317af2ab05690f7037065681f908b3ae4da8d53ff5160b6627d74aac
ArkeiStealer
+ 75 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 94a9f0e647538d75f4ce438e0371d246285006324d0caee11360b6092735346b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/320566/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User Authorizationadvapi32.dll::AllocateAndInitializeSid
advapi32.dll::EqualSid
advapi32.dll::FreeSid
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
MULTIMEDIA_APICan Play Multimediagdi32.dll::StretchDIBits
winmm.dll::timeKillEvent
winmm.dll::timeSetEvent
SECURITY_BASE_APIUses Security Base APIadvapi32.dll::AdjustTokenPrivileges
advapi32.dll::GetTokenInformation
SHELL_APIManipulates System Shellshell32.dll::ShellExecuteExA
shell32.dll::ShellExecuteA
shell32.dll::SHGetFileInfoA
WIN32_PROCESS_APICan Create Process and Threadsadvapi32.dll::OpenProcessToken
kernel32.dll::OpenProcess
advapi32.dll::OpenThreadToken
kernel32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIkernel32.dll::TerminateProcess
kernel32.dll::LoadLibraryA
kernel32.dll::GetStartupInfoA
kernel32.dll::GetDiskFreeSpaceA
kernel32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programskernel32.dll::WinExec
WIN_BASE_IO_APICan Create Fileskernel32.dll::CreateDirectoryA
kernel32.dll::CreateFileA
kernel32.dll::DeleteFileA
kernel32.dll::GetWindowsDirectoryA
kernel32.dll::GetSystemDirectoryA
kernel32.dll::GetFileAttributesA
WIN_BASE_USER_APIRetrieves Account Informationkernel32.dll::GetComputerNameA
advapi32.dll::GetUserNameA
advapi32.dll::LookupPrivilegeValueA
WIN_REG_APICan Manipulate Windows Registryadvapi32.dll::RegCreateKeyExA
advapi32.dll::RegOpenKeyExA
advapi32.dll::RegQueryInfoKeyA
advapi32.dll::RegQueryValueExA
advapi32.dll::RegSetValueExA
WIN_USER_APIPerforms GUI Actionsuser32.dll::FindWindowA
user32.dll::PeekMessageA
user32.dll::CreateWindowExA

Comments