MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1a0afd475840243c6cf41c91ec97d13d2041fcc286d9a7b330c59d453fc2048. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1a0afd475840243c6cf41c91ec97d13d2041fcc286d9a7b330c59d453fc2048
SHA3-384 hash: 42d1d71837857eb0e82f3c01d9c9bf56a32e9f0e2e392ad5a083b7473552ce20aa3cc2e4f449d9ad544b48e79a6f4ddc
SHA1 hash: 7d8573a207116cf03b76e6699b774b8693485205
MD5 hash: 310502d41f42f1af2bcb6812aecbe643
humanhash: oxygen-east-october-lake
File name:DiscordTokenGeneratorToolq.rar
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:7'816'014 bytes
First seen:2022-11-05 10:59:27 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
Note:This file is a password protected archive. The password is: 1896
ssdeep 196608:5PsX2kLyQqxn3SBytmDUudGzAa2m7wMUcgmyZys:5P0VqdFtmDU3ca2m7w/cYT
TLSH T19F76337FB0E435F460B78EC2D52AD94ECCE683053519D4B8D9897E9FC2A35B43A019E2
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter Anonymous
Tags:file-pumped pw-1896 rar vidar

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
HU HU
File Archive Information

This file archive contains 17 file(s), sorted by their relevance:

File name:Setup.exe
File size:798'744'576 bytes
SHA256 hash: 98ef6ddc644c14cf9e33784fc7197bcd9b329dcd9cd14eb530a06bfab4937033
MD5 hash: 1573f50ffb79b55b89ef8e781b6fd45a
MIME type:application/x-dosexec
Signature ArkeiStealer
File name:qt_de.qm
File size:172'854 bytes
SHA256 hash: cd711e09012f37003af75e982e2e40df14445aca2800a3702a18612074ad660b
MD5 hash: 91899280efb4496c8ac0a004cd1469e2
MIME type:application/octet-stream
Signature ArkeiStealer
File name:udpater.ini
File size:44 bytes
SHA256 hash: efc3a099238b9e63556b7b0342029830843072fff4a721ce95abcdaaa94f302c
MD5 hash: f904d94be2e4e5dd262e84fae2884865
MIME type:text/plain
Signature ArkeiStealer
File name:qt_fr.qm
File size:166'157 bytes
SHA256 hash: 7d40eaa90d9094ce548a41482b496ec494396a82361d4f3d031756118ed042d2
MD5 hash: 37f2ac5cf8ea04844351ae0bcf8420fb
MIME type:application/octet-stream
Signature ArkeiStealer
File name:Qt5Gui.dll
File size:5'022'064 bytes
SHA256 hash: 55faebb8f5e28cde50f561bbd2638db7edcfd26e7ee7b975e0049b113145ae38
MD5 hash: d9b78f4b2f8f393c8854c7cc95eae5d8
MIME type:application/x-dosexec
Signature ArkeiStealer
File name:libEGL.dll
File size:18'800 bytes
SHA256 hash: 0ff1d03926f5d9c01d02fae5c5e1f018a87d7f90a1826de47277530bfc7776f8
MD5 hash: 379358b4cd4b60137c0807f327531987
MIME type:application/x-dosexec
Signature ArkeiStealer
File name:borlndmm.dll
File size:48'512 bytes
SHA256 hash: ca1f509d6779bc005f332027d50e9bafa952bcf970953593a9566973b4122759
MD5 hash: e3fcf256b4683ab92703842985b5e725
MIME type:application/x-dosexec
Signature ArkeiStealer
File name:HwidProtector.dll
File size:233'680 bytes
SHA256 hash: f2f264bd4faa5fccf3bd32a9a7b6b5ffc90754c759dca3127be0ff107bef33a6
MD5 hash: e4c67cc149ca5fa61382f8654409feee
MIME type:application/x-dosexec
Signature ArkeiStealer
File name:Security.dll
File size:156'880 bytes
SHA256 hash: 9eb3aabe31f6e0254ecbbb7fffa6f11428e8f85f785739c62fde88be09c81a78
MD5 hash: 1b13ac6572d32448c0e15bf00a04fb98
MIME type:application/x-dosexec
Signature ArkeiStealer
File name:cc32100mt.dll
File size:1'141'248 bytes
SHA256 hash: d221da673572c2d0c8edc23de7dfeea3e6cd6e994427ae48565a16751a3871bc
MD5 hash: 1ec6fe4798163c9eab3bc7835fbf4f47
MIME type:application/x-dosexec
Signature ArkeiStealer
File name:newsocket.data
File size:3'179 bytes
SHA256 hash: e4931b6e39a9616e32e4e51159f22a4a8f40031060d62084d257c2f8d77d0157
MD5 hash: 1e1589d7e54f2261397a93cba88c8082
MIME type:application/octet-stream
Signature ArkeiStealer
File name:qt_ru.qm
File size:158'824 bytes
SHA256 hash: d53ae70615ad64d5f08e2dd322462aec33a3d3765f15ff0339079424fa893aa3
MD5 hash: 9ff2dec30e74ba0766e1811ea9b99d6f
MIME type:application/octet-stream
Signature ArkeiStealer
File name:readme.txt
File size:1'152 bytes
SHA256 hash: 8d9b5b5028aef82ce456a71b4c42a44a5df6ee2940aaeb26776f220497981c71
MD5 hash: 6d05854057c6c943555d25ba7ae762b1
MIME type:text/plain
Signature ArkeiStealer
File name:qt_uk.qm
File size:158'319 bytes
SHA256 hash: a633805fec82639230c2ac513dd7447e2ee10089f5ea1d281d12b4ee97a504c3
MD5 hash: b8113667d2222f6a705d744718407fcb
MIME type:application/octet-stream
Signature ArkeiStealer
File name:opengl32sw.dll
File size:15'229'296 bytes
SHA256 hash: 23f04ba936568e9a7c9dce7a6beb52c9be7eb13b734cd390c99e7546cbe1973d
MD5 hash: 3bd5aea364326cdfa667651a93e7a4c9
MIME type:application/x-dosexec
Signature ArkeiStealer
File name:udate-settings.ini
File size:2 bytes
SHA256 hash: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
MD5 hash: f3b25701fe362ec84616a93a45ce9998
MIME type:text/plain
Signature ArkeiStealer
File name:dbghelp.dll
File size:1'045'128 bytes
SHA256 hash: dca9f45efed8eab442b491aebda3e3cce7f5f9fc5de527d2dbdfd85a5be85dfa
MD5 hash: 74edbb03de3291fcf2094af1fb363f1d
MIME type:application/x-dosexec
Signature ArkeiStealer
Vendor Threat Intelligence
Gathering data
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c1a0afd475840243c6cf41c91ec97d13d2041fcc286d9a7b330c59d453fc2048/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-11-05 02:13:52 UTC
File Type:
Binary (Archive)
AV detection:
3 of 41 (7.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ygqk7vdvqqbehrwpiher5sl5cpjaih6mfbwzu6ztbrm5iu74ebea._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/221105-natwkshfdl/
Behaviour
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c1a0afd475840243c6cf41c91ec97d13d2041fcc286d9a7b330c59d453fc2048

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

rar c1a0afd475840243c6cf41c91ec97d13d2041fcc286d9a7b330c59d453fc2048

(this sample)

zip ca5837c6b4cdde0e3ef9942ba308ca19e9b51439048bd0c2fcf5753e1403a517

ArkeiStealer

Executable exe 053d6600cee7a1f232c00c0cd399dc55894cfee75c15a2ba5ac71ba9c8ac266b

  
Delivery method
Distributed via web download
  
Dropping
SHA256 053d6600cee7a1f232c00c0cd399dc55894cfee75c15a2ba5ac71ba9c8ac266b
  
Dropping
MD5 8c5d47cfa9cd9b894b280350240d638d

Comments