MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4b9574d1681e6fa3fda139c0f58773c5f2850b25f345fd9d8b358cb02044189. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	b4b9574d1681e6fa3fda139c0f58773c5f2850b25f345fd9d8b358cb02044189
SHA3-384 hash:	346c42b96c411ad511a423791235e2b946c955d92087c530a9590b46677a68f90d4ea47dc093987e38cfcda746ee98d2
SHA1 hash:	d2d6917496ae956f09bdeb5b350fcca83f88da5f
MD5 hash:	16e64e7b842fcb8b72e9b5732f6dd18c
humanhash:	nineteen-lamp-leopard-early
File name:	16e64e7b842fcb8b72e9b5732f6dd18c.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	207'360 bytes
First seen:	2021-09-29 07:07:41 UTC
Last seen:	2021-09-29 08:12:57 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5dbcbed365563713c1a9bb2780528a54 (5 x ArkeiStealer, 3 x RedLineStealer, 2 x RaccoonStealer)
ssdeep	3072:Ya1qQA5osTfGOJdL3QkK5kOrcPI1Ze6TRkr8EuSzsz:YaM6sTJnLnIcPI1LTyuSz+
Threatray	62 similar samples on MalwareBazaar
TLSH	T1D414CF00B590E2F1C745113E6816CAECE92DB86DFBE09A773B58A2DF5E38193F521352
File icon (PE):
dhash icon	4839b234e8c38890 (121 x RaccoonStealer, 54 x RedLineStealer, 51 x ArkeiStealer)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

88

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

16e64e7b842fcb8b72e9b5732f6dd18c.exe

Verdict:

Suspicious activity

Analysis date:

2021-09-29 07:15:01 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e2586e06-3604-4ff0-bc38-1ca015c9de8f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/192850/

Detection(s):

SecuriteInfo.com.Packed-GDT16E64E7B842F.11528.1110.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/032ab00d-eeba-48bb-8b70-a073b198fc29

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/860920

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Vidar stealer

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b4b9574d1681e6fa3fda139c0f58773c5f2850b25f345fd9d8b358cb02044189/

Threat name:

Win32.Trojan.Sabsik

Status:

Malicious

First seen:

2021-09-29 07:08:13 UTC

AV detection:

20 of 45 (44.44%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

2e14b592904e292539d9fc9d57a06df31676d5645ebaa49ebe129044d2d3baa3

43280785b563edd0d7af1fb1041f15fd311b610b63bbc794f76f52bb2e7c6794

5a2eff9610a0bdc09557cd54e9ad7e5b93b930359a8e322fb479ab7b1e20cf7d

b944023d535bc8e5980173e203cee0d2fc2df9e865b4a06fc0694436ce5b6541

c28e190666a5967096f8c8e3ecd3a62e502fe84eb300113faa3fe06575ea118b

ccbded51600db440d54831ff724cf0e988220da4cd069244ade361c959b8c852

d4928b68e9f811d65718737a7eea99963cc2b9778fb127151e610868fcb9de7e

e29a1c1188926719adc1bece4f4e828ac78c0aaca2cb01e141e6cf7ca5539e6b

edf6beb88780fb3085332f843b73418f52bbf095265dad631cf8e187644cb565

f3caecffb11faf28d31a3f30e39511ab1dbbce621259b73172d94f9a75962d1c

+ 52 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei stealer

Link:

https://tria.ge/reports/210929-hx9bwseagl/

Behaviour

Arkei Stealer Payload

Arkei

Unpacked files

SH256 hash:

4b33410c1350737eb7eb734fb597c32083ae1a60955a871fe914b5ccff23a91a

MD5 hash:

e4e7f7cb036464db3050cf0fe6e7aaec

SHA1 hash:

44d6b2bfa01b4f2f7b3ffbd522d267af35a9cb01

Link:

https://www.unpac.me/results/bbc713df-7424-4c45-b0e0-249393821cb2/

SH256 hash:

b4b9574d1681e6fa3fda139c0f58773c5f2850b25f345fd9d8b358cb02044189

MD5 hash:

16e64e7b842fcb8b72e9b5732f6dd18c

SHA1 hash:

d2d6917496ae956f09bdeb5b350fcca83f88da5f

Link:

https://www.unpac.me/results/bbc713df-7424-4c45-b0e0-249393821cb2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b4b9574d1681e6fa3fda139c0f58773c5f2850b25f345fd9d8b358cb02044189

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe b4b9574d1681e6fa3fda139c0f58773c5f2850b25f345fd9d8b358cb02044189

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1603785/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/192850/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample