MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c40c4ad03430f7dc6718e0229b64bf3a515d1fabb042acc0a0fd69f82fd14867. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	c40c4ad03430f7dc6718e0229b64bf3a515d1fabb042acc0a0fd69f82fd14867
SHA3-384 hash:	e5378f697cdce64e7b1d1ce1339b0464cb9041c6758d8aa8fe33dd509da34d3e116f87b1b3e47c733d92bdd8edbf60aa
SHA1 hash:	cfbc4aa866518e97d46e5167068db6fbbaa5a7d0
MD5 hash:	ae390968790ad9576b3373caaff89475
humanhash:	louisiana-sink-chicken-butter
File name:	ae390968790ad9576b3373caaff89475.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	311'808 bytes
First seen:	2022-04-06 15:08:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	90d6a39a45ddf49ce4fb487d0a67b6d0 (2 x Stop, 1 x ArkeiStealer, 1 x RedLineStealer)
ssdeep	3072:21XIN4Er+dH2ZcTqQebQYKTJJ1QPwzU40Kz+gtafrClFzbsxkgaBCh52lqG:aI/rKH2ZcTqQm0Tr1/tv5tU+Jwiga3
Threatray	4'122 similar samples on MalwareBazaar
TLSH	T16664CF3273A2D831C5A50E70A460CBF15E3BB8735974589BF7A47B2E2E703D166B5322
File icon (PE):
dhash icon	480c1c4c4f594b14 (172 x Smoke Loader, 134 x RedLineStealer, 98 x Amadey)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

# of downloads :

218

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/261346/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader44.48891.20985.17501.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

DNS request

Sending an HTTP GET request

Creating a file

Reading critical registry keys

Changing a file

Creating a file in the %AppData% subdirectories

Creating a window

Сreating synchronization primitives

Running batch commands

Creating a process with a hidden window

Launching a process

Launching the default Windows debugger (dwwin.exe)

Stealing user critical data

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/12855/overview

Behaviour

MeasuringTime

SystemUptime

CheckCmdLine

EvasionQueryPerformanceCounter

EvasionGetTickCount

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/624dad17aa7e43c6a6c30b74/reports/55631e3e-504c-48a6-81b7-fc334a829d80/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Oski Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4f08fde5-9c60-4812-af29-eecc4289e98f

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/971603

Signature

C2 URLs / IPs found in malware configuration

Contains functionality to detect sleep reduction / modifications

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Vidar stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c40c4ad03430f7dc6718e0229b64bf3a515d1fabb042acc0a0fd69f82fd14867/

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2022-04-05 09:10:57 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

33 of 42 (78.57%)

Threat level:

5/5

Verdict:

malicious

ArkeiStealer

4bcff4386ce8fadce358ef0dbe90f8d5aa7b4c7aec93fca2e605ca2cbc52218b

ArkeiStealer

5aefbefef1a5a2ee938f4d9c7705b6e38b375b858d21dae1efc137f36b29751d

ArkeiStealer

60e2041e9280879b054540d9d8cef49a738ceb9c5c8f73a0f47016a862645cf7

ArkeiStealer

7022a16d455a3ad78d0bbeeb2793cb35e48822c3a0a8d9eaa326ffc91dd9e625

ArkeiStealer

7f19bc8eb8f0555986de478bc9a17a8e052f4a9262b0a19b924d8e9c66a01ca7

ArkeiStealer

90572b46120921941b9c004e411af18398a33de08d001e851965710d9b1c9860

ArkeiStealer

c2487b0dcceb0fa54bc8af20666e181c4620f1120eb7f4a5c35f7df5e876b7e0

ArkeiStealer

+ 4'112 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei botnet:default discovery spyware stealer

Link:

https://tria.ge/reports/220406-sjfgrsebh9/

Behaviour

Checks processor information in registry

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Program crash

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Checks computer location settings

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Arkei

Malware Config

C2 Extraction:

http://jsdkcr.link/47747.php

Unpacked files

SH256 hash:

d43c081c802235addf4267f8da30fb4596778b982765452c005f8b2eed888876

MD5 hash:

9ffb08a3cdb4d651ccfcc3f6967694fc

SHA1 hash:

914c723094708f02e97edcbbf50151f3b081e274

Link:

https://www.unpac.me/results/28b096ad-6907-43af-9136-1b8113e64b5e/

SH256 hash:

c40c4ad03430f7dc6718e0229b64bf3a515d1fabb042acc0a0fd69f82fd14867

MD5 hash:

ae390968790ad9576b3373caaff89475

SHA1 hash:

cfbc4aa866518e97d46e5167068db6fbbaa5a7d0

Link:

https://www.unpac.me/results/28b096ad-6907-43af-9136-1b8113e64b5e/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/261346/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample