MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b87aa7761376e5586690175051d35ab54fdfef30ffe8dccd992830aa854bdc35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	b87aa7761376e5586690175051d35ab54fdfef30ffe8dccd992830aa854bdc35
SHA3-384 hash:	ce403dc0e2d637e9fc7a3989635b0ddd13a0d3eb55b3273fee09bb506bb127ef62627209f446c08cbfcd47fe4652d87b
SHA1 hash:	6f61a62163fcf08355935ba6db5ea2f073d87536
MD5 hash:	b47033c21e35e15b4894d86f937a9939
humanhash:	snake-tennis-floor-aspen
File name:	b47033c21e35e15b4894d86f937a9939.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	275'456 bytes
First seen:	2022-03-22 19:04:52 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a3de6a896c379b7dab417ae14fd72612 (2 x RedLineStealer, 2 x Stop, 1 x ArkeiStealer)
ssdeep	3072:OYuIgs40B8u5S37Gd2OyKwbNmoMqkYW5NJdcF2B:xgN0B8L37GdqKZoWJdcs
Threatray	924 similar samples on MalwareBazaar
TLSH	T19444DF107751D832C482153C3A66C2B15E3EB832C6B6D8477B9A1B7E5F313E2E6B6706
File icon (PE):
dhash icon	5c599a3ce0c3c850 (43 x Stop, 37 x RedLineStealer, 36 x Smoke Loader)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

# of downloads :

187

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

b87aa7761376e5586690175051d35ab54fdfef30ffe8dccd992830aa854bdc35.exe

Verdict:

Suspicious activity

Analysis date:

2022-03-23 06:08:39 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/19b1a4c4-f1e7-44c8-89cd-628d7a43f918

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/255127/

Detection(s):

Win.Packed.Generickdz-9942099-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Launching the default Windows debugger (dwwin.exe)

Sending a custom TCP request

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/10501/overview

Behaviour

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/623a1debdfdfa8501cce30e0/reports/4c1ffe4c-071e-4513-b72a-f797e1893f85/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Oski Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/89306232-7c52-44b7-b19e-28367c501385

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/961945

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b87aa7761376e5586690175051d35ab54fdfef30ffe8dccd992830aa854bdc35/

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2022-03-22 11:13:36 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 27 (77.78%)

Threat level:

5/5

Verdict:

malicious

ArkeiStealer

8353b4f27d55239e6935b1c122da96621ee66b0915750ed9b0b5a0b50f1d9b0d

ArkeiStealer

9abfd615c63ff14217232d5e369aa9411b4f427c9195a814c68395ede43dfc20

ArkeiStealer

ab787c1c75509f4cfe8d221accef6e65fda11d2b4210d90fe864c214f084641a

ArkeiStealer

c5b4412dc2ecb3b2f17edaa6df61f122243166cd2429f6f54536075caa760661

ArkeiStealer

ed339c8353e7d9a9cc7cc4f5e20756eb6a27f6a9553f7c51d503ab83841d1ec8

ArkeiStealer

ee7bd39d4d29eb7d605e5ee83da5247cfe11e14f397a76d64bb781fcc29ef583

ArkeiStealer

+ 914 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei botnet:default stealer

Link:

https://tria.ge/reports/220322-xrjllsghe6/

Behaviour

Program crash

Drops file in Windows directory

Arkei

Malware Config

C2 Extraction:

http://coin-file-file-19.com/tratata.php

Unpacked files

SH256 hash:

111da7f642344fa280703ce8223a4543171b0a9422f8c1d50bd5d4cb90c54840

MD5 hash:

6d15db437bc71c183dd9604829a5354b

SHA1 hash:

a0bbf5585eea01ef056a3a76d8975f6f585d7d01

Link:

https://www.unpac.me/results/ab340fca-4081-427a-bf8a-120fd29f9a1a/

SH256 hash:

b87aa7761376e5586690175051d35ab54fdfef30ffe8dccd992830aa854bdc35

MD5 hash:

b47033c21e35e15b4894d86f937a9939

SHA1 hash:

6f61a62163fcf08355935ba6db5ea2f073d87536

Link:

https://www.unpac.me/results/ab340fca-4081-427a-bf8a-120fd29f9a1a/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/b87aa7761376/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b87aa7761376e5586690175051d35ab54fdfef30ffe8dccd992830aa854bdc35

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

exe b87aa7761376e5586690175051d35ab54fdfef30ffe8dccd992830aa854bdc35

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2063967/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/255127/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample