MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c56b497afc61d665b90e2c1c72a4117aaebaf8ccb9bedd208765ccb17349373b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c56b497afc61d665b90e2c1c72a4117aaebaf8ccb9bedd208765ccb17349373b
SHA3-384 hash: e91ef796d63c6b3a18337e8fcb3ae1b1828bb930f712c06e7509f0f6e05af8564844ba3769b3485149a62822ec69729b
SHA1 hash: da6fd33dc65d8e520a24745926cb57b230692117
MD5 hash: 68554b3625c4bdd90658b6d44335ddab
humanhash: princess-edward-ten-oven
File name:68554b3625c4bdd90658b6d44335ddab.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:275'456 bytes
First seen:2022-03-24 19:13:19 UTC
Last seen:2022-03-24 20:42:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 95ad07e52855bf052511ff6b3b1e2bcf (9 x Stop, 1 x ArkeiStealer, 1 x Smoke Loader)
ssdeep 3072:doK2uKRfy6Ias/CGCA0J89+iUQIUdJkImUTR5dSnPFQ:ScKw65s/rhTwMLkKgnN
Threatray 483 similar samples on MalwareBazaar
TLSH T16344E0203752D836C8570070B926C2F1AD3E69321465CE43F7971B6D5E313D6EAFAB4A
File icon (PE):PE icon
dhash icon 5c599a3ce0c3c850 (43 x Stop, 37 x RedLineStealer, 36 x Smoke Loader)
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
201
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/257335/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.48706708.4068.29657.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/11188/overview
Behaviour
MalwareBazaar
CPUID_Instruction
SystemUptime
MeasuringTime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/623cc2e2dfdfa8501cda6c5e/reports/c4a38450-7862-408c-b7eb-f0baa5062ce2/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Oski Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/69442766-47a7-43c3-9b4b-45ddf472ffde
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/963985
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c56b497afc61d665b90e2c1c72a4117aaebaf8ccb9bedd208765ccb17349373b/
Threat name:
Win32.Trojan.Raccrypt
Create hunting rule
Status:
Malicious
First seen:
2022-03-24 14:11:47 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yvvus6x4mhlgloiofqohfjarpkxlv6gmxg7n2iehmxglc42jg45q._file
Verdict:
malicious
Similar samples:
04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2
ArkeiStealer
2f79c41045be2704549003930a2712977bb4b854e51a55851432d01b01297647
ArkeiStealer
523ff5fa555ad1837c439fd962b07f6cf17a56961fb0c9675d54f9724b476e5b
ArkeiStealer
5b4bb19c89d872512735ccc4c6e276a9181f24a9e368d097167aefc0da76b660
ArkeiStealer
6081ec45cfd21e7ef92a44a9a190260ab2178cd87729038cd5005e5d18a9b1e4
ArkeiStealer
8f3c17ac18a040730c85fc32be4a41d7a3c37555b46db36e008f917951f0b7af
ArkeiStealer
9ad5db9f1437ee5bb03077090861e13efdcca1dfc46133f4b77504add9f18c38
ArkeiStealer
b601b8c369fb891bc3856cab793446efde8c685d4c2ef4b556fb35b46253ad7d
ArkeiStealer
ed339c8353e7d9a9cc7cc4f5e20756eb6a27f6a9553f7c51d503ab83841d1ec8
ArkeiStealer
f732ae7b6856afcbadc0e5bcfee3f71da3570f45a5bdff81fa33468106d6bc2a
ArkeiStealer
+ 473 additional samples on MalwareBazaar
Result
Malware family:
arkei
Create hunting rule
Score:
  10/10
Tags:
family:arkei botnet:default stealer
Link:
https://tria.ge/reports/220324-xxp1ksdcd9/
Behaviour
Program crash
Arkei
Malware Config
C2 Extraction:
http://coin-file-file-19.com/tratata.php
Unpacked files
SH256 hash:
111da7f642344fa280703ce8223a4543171b0a9422f8c1d50bd5d4cb90c54840
MD5 hash:
6d15db437bc71c183dd9604829a5354b
SHA1 hash:
a0bbf5585eea01ef056a3a76d8975f6f585d7d01
Link:
https://www.unpac.me/results/268f7074-39bc-461b-a7fd-4d592e932541/
SH256 hash:
c56b497afc61d665b90e2c1c72a4117aaebaf8ccb9bedd208765ccb17349373b
MD5 hash:
68554b3625c4bdd90658b6d44335ddab
SHA1 hash:
da6fd33dc65d8e520a24745926cb57b230692117
Link:
https://www.unpac.me/results/268f7074-39bc-461b-a7fd-4d592e932541/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c56b497afc61d665b90e2c1c72a4117aaebaf8ccb9bedd208765ccb17349373b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe c56b497afc61d665b90e2c1c72a4117aaebaf8ccb9bedd208765ccb17349373b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2063967/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/257335/

Comments