MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3c5e8250ec320fd546df876a5be7ca4e9a70696dc2373ce5ff670def95d5238. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ArkeiStealer
Vendor detections: 5

SHA256 hash: b3c5e8250ec320fd546df876a5be7ca4e9a70696dc2373ce5ff670def95d5238
SHA3-384 hash: 0d14023484287d1403ca70aa969c7995b8d6b2cdfcd4aa55348f949cd1722628d7cd7020af4c11337a8c9443ad9fd3a1
SHA1 hash: 51bdcfb40c10aebb1374a0a6257d1c63d88a608b
MD5 hash: 75a4c25e5af7c58034b2323a11c63ce2
humanhash: papa-lactose-nineteen-sixteen
File name: 75a4c25e5af7c58034b2323a11c63ce2.exe
Signature: ArkeiStealer
File size: 299'008 bytes
First seen: 2021-09-27 08:32:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 79390cc511b9dafcaf429778d9678427 (1 x ArkeiStealer)
ssdeep: 3072:ouhyqfUE+kvHTz96K6ScKcNEUzZELeUoPxwAnjaPM76DBQ+E0:0qfR+2Tz96KncKukLvBl
Threatray: 472 similar samples on MalwareBazaar
TLSH: T17B543C37A3CDC816FB7B1F7EB593892140F1BC471023462E91D1395AFA7BAB56886234
Reporter: abuse_ch
Tags: ArkeiStealer exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 123
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Connection attempt
  Creating a file
  Launching the default Windows debugger (dwwin.exe)

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signature:
  Detected unpacking (changes PE section rights)
  Detected unpacking (overwrites its own PE header)
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
  PE file has nameless sections
  Yara detected Vidar stealer
Behaviour:

Result
Malware family:
Score: 10/10
Tags: family:arkei discovery spyware stealer
Behaviour:
  Checks processor information in registry
  Delays execution with timeout.exe
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Program crash
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Checks installed software on the system
  Deletes itself
  Loads dropped DLL
  Reads user/profile data of web browsers
  Downloads MZ/PE file
  Arkei Stealer Payload
  Arkei
Unpacked files:
  SHA256 hash: 50892d5d5e75b7a17f99b8f750a612f1af80d065cb7522662dad68b3b347f080
  MD5 hash: 5b4724f4df7104693e6adeb79bd77599
  SHA1 hash: 11661728b56722cf47bdf3826f239dfcac9ae5f5

  SHA256 hash: b3c5e8250ec320fd546df876a5be7ca4e9a70696dc2373ce5ff670def95d5238
  MD5 hash: 75a4c25e5af7c58034b2323a11c63ce2
  SHA1 hash: 51bdcfb40c10aebb1374a0a6257d1c63d88a608b

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download
Signature: ArkeiStealer
File type: Executable exe
SHA256 hash: b3c5e8250ec320fd546df876a5be7ca4e9a70696dc2373ce5ff670def95d5238 (this sample)

Delivery method: Distributed via web download