MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f310d020dcac3af90592db796a878d1d8bc1285fc5431e836b9011d316d45c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f310d020dcac3af90592db796a878d1d8bc1285fc5431e836b9011d316d45c4
SHA3-384 hash: c5ef07bdf820e23fac4ff6a57f2b2f0dd27f05826081664a8e6d6dcd8ab0dc7b3ed4c9ac757605706a79adb7676c23f2
SHA1 hash: 006afce997f00bd86bc612e31108f0e943ce911d
MD5 hash: 0b2d9078fd109b67365ffd30c2abeef4
humanhash: artist-shade-mango-foxtrot
File name:SecuriteInfo.com.Packed-GDT0B2D9078FD10.21872.21856
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:279'552 bytes
First seen:2022-03-10 13:42:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e0538044f9656c3c504709b72e66cb43 (1 x RaccoonStealer, 1 x ArkeiStealer, 1 x RedLineStealer)
ssdeep 3072:B9o057kSoC9ZIBI7OSr9tbJW2LTBUupj57zdxsmT/2:M05/oC9mBI7FndDzdxBTe
Threatray 4'100 similar samples on MalwareBazaar
TLSH T13C54C0513BE1C873C4B291706924C6B19B7F74325ABAD9473B98073E5F313D29A7A30A
File icon (PE):PE icon
dhash icon 4839b234e8c18890 (3 x ArkeiStealer, 2 x RedLineStealer, 2 x RaccoonStealer)
Reporter SecuriteInfoCom
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
217
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/249153/
Detection(s):
SecuriteInfo.com.Packed-GDT0B2D9078FD10.21872.21856.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Reading critical registry keys
Query of malicious DNS domain
Stealing user critical data
Sending an HTTP GET request to an infection source
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware
Link:
https://www.filescan.io/uploads/622a00690cd58dbd9276a2ca/reports/7e3acdea-bbb8-41ab-906c-1c50306aeffa/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Oski Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c47fe953-81d0-4d91-837b-400de049190c
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/954237
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Self deletion via cmd delete
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f310d020dcac3af90592db796a878d1d8bc1285fc5431e836b9011d316d45c4/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2022-03-10 13:43:10 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t4yq2aqnzlb27eczfw3znkdy2hmlyeuf7rkdd2bwxear2mlnixca._file
Verdict:
malicious
Similar samples:
1a2bc82de6e0c26030a3600c836329329dbcf1d4d84e031a90dd7df5355ed612
ArkeiStealer
5aefbefef1a5a2ee938f4d9c7705b6e38b375b858d21dae1efc137f36b29751d
ArkeiStealer
6849e65e9ac20880fa99583b202ae710e0a3885cd72692a0c1b4d72aae109adf
ArkeiStealer
b4564966c74ea17badd252d6c1b3a052f869e69d0c7cbbcb776af245135e9917
ArkeiStealer
be52ba286982ecb2bda4033824ce2fb1147300af2c5106cfed27cf3fb6022b1f
ArkeiStealer
d8454e6022d16c264f078c2a0b925dc70d08edd251dc6e86f1af4b24afd46bde
ArkeiStealer
e3cf84cf7f8d85d334d107e4fda6a98b021a8d004ef88708957629d0f10be5fe
ArkeiStealer
+ 4'090 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei botnet:default stealer suricata
Link:
https://tria.ge/reports/220310-qz9dnsadhn/
Behaviour
Arkei
suricata: ET MALWARE Win32/Arkei Stealer CnC Checkin (GET)
Malware Config
C2 Extraction:
http://coin-file-file-19.com/tratata.php
Unpacked files
SH256 hash:
111da7f642344fa280703ce8223a4543171b0a9422f8c1d50bd5d4cb90c54840
MD5 hash:
6d15db437bc71c183dd9604829a5354b
SHA1 hash:
a0bbf5585eea01ef056a3a76d8975f6f585d7d01
Link:
https://www.unpac.me/results/a0a40deb-ca20-4b2d-8081-0a8b55e47862/
SH256 hash:
9f310d020dcac3af90592db796a878d1d8bc1285fc5431e836b9011d316d45c4
MD5 hash:
0b2d9078fd109b67365ffd30c2abeef4
SHA1 hash:
006afce997f00bd86bc612e31108f0e943ce911d
Link:
https://www.unpac.me/results/a0a40deb-ca20-4b2d-8081-0a8b55e47862/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9f310d020dcac3af90592db796a878d1d8bc1285fc5431e836b9011d316d45c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe 9f310d020dcac3af90592db796a878d1d8bc1285fc5431e836b9011d316d45c4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2063967/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/249153/

Comments