MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f7ec3f3f79487db03b9051d9b8fad8a199c2a53905c5cf19d0fd9ad90f58ec2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Signature: ArkeiStealer
Vendor detections: 10



SHA256 hash: 9f7ec3f3f79487db03b9051d9b8fad8a199c2a53905c5cf19d0fd9ad90f58ec2
SHA3-384 hash: f7b8199b8bf6ead680dfab8819820e0447cd92c3d3d7e5713c91c9c1dd9e3b57d6817b84ca46dc209fce998251159fad
SHA1 hash: 577cc6dd7d11e06c1c8c67610cac7cff90daadc4
MD5 hash: 8317ff2b4bb06eeace6c94685af5ced9
humanhash: video-monkey-nitrogen-south
File name: 8317ff2b4bb06eeace6c94685af5ced9.exe
Signature: ArkeiStealer
File size: 772'608 bytes
First seen: 2021-10-10 11:49:27 UTC
Last seen: 2021-10-10 13:01:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8999899787bd60b1911e458f2d25de40 (3 x RedLineStealer, 1 x CryptBot, 1 x ArkeiStealer)
ssdeep: 12288:RCyxwcOnYaFoByqndunR/TQpaumB9pds4DB20TJGcwJfnJ9sXjnFSvkHCCEz:4WOYXByqndunFrZB1s4qcwJvs7FL5E
Threatray: 3'251 similar samples on MalwareBazaar
TLSH: T160F4F110B791C035F5F712F849B597A8A92E3DA1AB2495CF12F12EEE92345E1EE31313
dhash icon: 9824e790c4e72158 (31 x RedLineStealer, 18 x Smoke Loader, 16 x ArkeiStealer)
Reporter: abuse_ch
Tags: ArkeiStealer exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 205
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 8317ff2b4bb06eeace6c94685af5ced9.exe
Verdict: Malicious activity
Analysis date: 2021-10-10 11:51:57 UTC
Tags: trojan stealer vidar loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Connection attempt to an infection source
Sending a TCP request to an infection source
Launching the default Windows debugger (dwwin.exe)
Query of malicious DNS domain
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Threat name: Win32.Trojan.Chapak
Status: Malicious
First seen: 2021-10-10 11:50:09 UTC
AV detection: 25 of 45 (55.56%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:vidar botnet:1008 discovery spyware stealer
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses 2FA software files, possible credential harvesting
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Vidar Stealer
Vidar
Malware Config
C2 Extraction: https://mas.to/@serg4325
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: ArkeiStealer
File type: Executable exe
SHA256: 9f7ec3f3f79487db03b9051d9b8fad8a199c2a53905c5cf19d0fd9ad90f58ec2 (this sample)