MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7bd5421b8f7404d03566396d802acd841f32156f4d6195338249d677ce8224d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b7bd5421b8f7404d03566396d802acd841f32156f4d6195338249d677ce8224d
SHA3-384 hash: 425e22729beefd13951a6d7b60323b38b8b354b4814cca6e68b97f274c3b72f606125949e660599ac6323f25f379dda9
SHA1 hash: 658b2f8a1e737860f1bfa4661a9c80bda3c7fa97
MD5 hash: 5f251ddf1f41eb3ccc330508f173152a
humanhash: eleven-autumn-pasta-butter
File name:5f251ddf1f41eb3ccc330508f173152a
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:1'133'568 bytes
First seen:2021-10-05 11:44:18 UTC
Last seen:2021-10-05 14:04:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 08dbf1a5c98fd4931a5aa7dc687e7799 (1 x ArkeiStealer)
ssdeep 3072:GP6X6qcNEUzZELeUoPxwAnjaPM76DBQ+E0RqfUE+kvHTz96K6ScIOj3K:GPcukLvBlRqfR+2Tz96KncIOja
Threatray 504 similar samples on MalwareBazaar
TLSH T133351878E1CDD827E36936B495D38E6E44292C8CFC0246CEB75B2A9E6A39FDD7C05005
Reporter zbetcheckin
Tags:32 ArkeiStealer exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/195003/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.47109773.2302.3841.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed papras
Link:
https://www.filescan.io/uploads/615c3ac5b95458900cdc6704/reports/6b29d98c-f3ed-4b8f-aab7-b51cc4e1964f/overview
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3c76712c-4268-4759-917f-ab84f7ebb2ad
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/864731
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
PE file has nameless sections
Self deletion via cmd delete
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b7bd5421b8f7404d03566396d802acd841f32156f4d6195338249d677ce8224d/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-10-04 17:52:00 UTC
AV detection:
23 of 45 (51.11%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2e14b592904e292539d9fc9d57a06df31676d5645ebaa49ebe129044d2d3baa3
ArkeiStealer
5a2eff9610a0bdc09557cd54e9ad7e5b93b930359a8e322fb479ab7b1e20cf7d
ArkeiStealer
70d2439d21209fcc393ca4989fbe1d5966c651345ad9b38bab512dbe9861e2bb
ArkeiStealer
b3c5e8250ec320fd546df876a5be7ca4e9a70696dc2373ce5ff670def95d5238
ArkeiStealer
b944023d535bc8e5980173e203cee0d2fc2df9e865b4a06fc0694436ce5b6541
ArkeiStealer
c28e190666a5967096f8c8e3ecd3a62e502fe84eb300113faa3fe06575ea118b
ArkeiStealer
ccbded51600db440d54831ff724cf0e988220da4cd069244ade361c959b8c852
ArkeiStealer
d4928b68e9f811d65718737a7eea99963cc2b9778fb127151e610868fcb9de7e
ArkeiStealer
e29a1c1188926719adc1bece4f4e828ac78c0aaca2cb01e141e6cf7ca5539e6b
ArkeiStealer
edf6beb88780fb3085332f843b73418f52bbf095265dad631cf8e187644cb565
ArkeiStealer
+ 494 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei discovery spyware stealer
Link:
https://tria.ge/reports/211005-nwry4saabm/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Downloads MZ/PE file
Arkei Stealer Payload
Arkei
Unpacked files
SH256 hash:
5401ea92b64140db2b5cba0d9ad93f10a9b46e9e4d43f0a9fe75e7ea748d2dfe
MD5 hash:
eb7699982c1b8f75e97acb8f3026a019
SHA1 hash:
71458cfeaa2f3fc9babba44181e24684548d4e00
Link:
https://www.unpac.me/results/a56530c3-683f-4f4e-b4f3-3410f190267b/
SH256 hash:
b7bd5421b8f7404d03566396d802acd841f32156f4d6195338249d677ce8224d
MD5 hash:
5f251ddf1f41eb3ccc330508f173152a
SHA1 hash:
658b2f8a1e737860f1bfa4661a9c80bda3c7fa97
Link:
https://www.unpac.me/results/a56530c3-683f-4f4e-b4f3-3410f190267b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b7bd5421b8f7404d03566396d802acd841f32156f4d6195338249d677ce8224d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe b7bd5421b8f7404d03566396d802acd841f32156f4d6195338249d677ce8224d

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/195003/
  
URLhaus
https://urlhaus.abuse.ch/url/1655621/

Comments


Avatar
zbet commented on 2021-10-05 11:44:19 UTC

url : hxxp://2.56.59.42/EU/Build18_1950eu.exe