MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb
SHA3-384 hash: 89fa2429ec624d6b8a160f0dd52a8f18d34884a2b42fccdaf356a7e86625319f82089fa81fba295eeb738e48beeaec71
SHA1 hash: f1977c0f2549c3b0c7b31b992b5019e4ace30d79
MD5 hash: 77ffb6074913525f5ae6666d4c54fb09
humanhash: hydrogen-bluebird-twenty-carbon
File name:c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:282'624 bytes
First seen:2022-04-19 07:38:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 730ddcd509972dad6242290a5ee7bcfc (1 x RedLineStealer, 1 x ArkeiStealer, 1 x Smoke Loader)
ssdeep 3072:+kUlMlZ8uFUA2gf8PpceYv1jVte/vdIc4YnS3bN++z/JkMsnmw3F:SlMn4BgfayX1G/vpBAN++T+MEmw
Threatray 402 similar samples on MalwareBazaar
TLSH T17954D0123FA1C432F1A326306475C7625A7BB87256358A8B3768163E1F702D1AFBD71B
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 480c1c4c4f590b14 (113 x Smoke Loader, 92 x RedLineStealer, 83 x Amadey)
Reporter JAMESWT_WT
Tags:ArkeiStealer exe jsdkci-link mars

Intelligence

File Origin
# of uploads :
1
# of downloads :
372
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/264528/
Detection(s):
SecuriteInfo.com.Trojan.Siggen17.42749.355.315.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/625e6716eab80a7a6c3f7af5/reports/bea7786e-b824-42a3-90c2-7e267f1a7f7a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Oski Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f6fa7722-7d1c-44d4-a45f-cc9c5d53fa81
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.evad.spyw
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/978680
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found evasive API chain (may stop execution after checking computer name)
Found evasive API chain (may stop execution after checking locale)
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2022-04-13 17:36:10 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
34 of 41 (82.93%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
18a51631909a8b72c610fa2b7640530cbe0dbfcc73a8e84af917fa797dded717
ArkeiStealer
22e463d29590a7485292819597991bcd06bf8ceceebf567c955f294dc542711a
ArkeiStealer
30f31299aa3016ca50e9c14d43dfa51fe0c174480951809d068900a998146caa
ArkeiStealer
8091e6f02ff5f4b5024f18348f41d5579333e26a028dc8bc430e46b0f05cdebf
ArkeiStealer
a2786a0170e3cbdf616d75472b66707656e355653ad013e07eb749bb0c9e7e84
ArkeiStealer
ba9cf00e158a45c784e263e07e773f089d27130480157c0797dbeedc66788629
ArkeiStealer
c2487b0dcceb0fa54bc8af20666e181c4620f1120eb7f4a5c35f7df5e876b7e0
ArkeiStealer
de147d635d7404111032d34845dd05eddc00ae6ecf0814d89eed3c6a81c06629
ArkeiStealer
e4420cb1590d572b0131bd5f04da689caca5d89595676ca8dd6770ec4a55cb83
ArkeiStealer
+ 392 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei botnet:default stealer
Link:
https://tria.ge/reports/220419-jgyqwsdhd4/
Behaviour
Arkei
Malware Config
C2 Extraction:
http://jsdkct.link/47747.php
Unpacked files
SH256 hash:
951a223d411e2e699828ffe99dfe1be2025a83fc79bf65e196f5142bac96ca21
MD5 hash:
af613b51a3a0398fd9eb5101c4a3aeec
SHA1 hash:
0ce8769c360e431a9da5c7ef24f70cbfbf835df7
Link:
https://www.unpac.me/results/1d9b199d-723f-477d-a370-c6bfa3d5c89a/
SH256 hash:
c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb
MD5 hash:
77ffb6074913525f5ae6666d4c54fb09
SHA1 hash:
f1977c0f2549c3b0c7b31b992b5019e4ace30d79
Link:
https://www.unpac.me/results/1d9b199d-723f-477d-a370-c6bfa3d5c89a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/264528/

Comments