MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7cb069579f314625b34b5fb6ccbba3d84871b5e928b0dab96c96d028a11faaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ArkeiStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7cb069579f314625b34b5fb6ccbba3d84871b5e928b0dab96c96d028a11faaa
SHA3-384 hash: bcb347676d82adabdca267d268c48fb544244e3fab6032ff7d20d20f3f5ff6118663592a6b32ae798bd898031e8ec2e8
SHA1 hash: c6a189f2d663e59f03dbe4987ccb14a53053ef21
MD5 hash: 1abeecf2dce719b13bdf709b1793d693
humanhash: india-alabama-wolfram-xray
File name:1abeecf2dce719b13bdf709b1793d693.exe
Download: download sample
Signature ArkeiStealer
Create hunting rule
File size:1'534'976 bytes
First seen:2021-09-20 17:57:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c32368f78c61cf2d9d6654d89861a9fe (36 x ArkeiStealer)
ssdeep 24576:HBuzcdGnDD28WHA4NKRi9yvbEx2Tw1zRHEH0OhgcoAs03kzGl/rHw9I1u1dA9mvo:H2DMHAl8gDExIE006gcRf3Vl/zw9I1uX
Threatray 167 similar samples on MalwareBazaar
TLSH T14965E121E292F437D1A3F638DD969B7F9B3CBE103914140B6EE82D685B39380B519367
File icon (PE):PE icon
dhash icon 399998ecd4d46c0e (572 x Quakbot, 137 x ArkeiStealer, 82 x GCleaner)
Reporter abuse_ch
Tags:ArkeiStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
153
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1abeecf2dce719b13bdf709b1793d693.exe
Verdict:
Malicious activity
Analysis date:
2021-09-20 18:01:52 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fefec986-2bfa-4962-bd7f-082d3d4d883b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Vidar
Create hunting rule
Link:
https://www.capesandbox.com/analysis/189559/
Detection(s):
SecuriteInfo.com.Adware.Generic4.AANW.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/82617d55-496d-471e-9c9f-00ca4e831a63
Result
Threat name:
Vidar
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/854351
Signature
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7cb069579f314625b34b5fb6ccbba3d84871b5e928b0dab96c96d028a11faaa/
Threat name:
Win32.Trojan.Sabsik
Create hunting rule
Status:
Malicious
First seen:
2021-09-20 17:58:14 UTC
AV detection:
10 of 28 (35.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7fqnflz6mkgewzuwx5wzs52hwciog26skfq3k4wzfwqfcqr7kva._file
Verdict:
malicious
Similar samples:
461a8adf2ceed23fc21c2d8b0a45d9dd91d2d9f0af62b3f8850f8d2920d8b7f9
ArkeiStealer
4cfbdd8acdc923beeca12d94f06d2f1632765434a2087df7ac803c254a0adf9c
ArkeiStealer
72339997aa5cf9d313e2c7a44b8649d343a057cd45a6b190036bbed489cd828a
ArkeiStealer
7b603dd82cb87eca59e93b2cd9c0eb8e613339097b23ac07daa9220a2eb4a7b4
ArkeiStealer
8470a13ce50314b24f998a31289fb7cd0a9c8e281c14b5f05ae4027554cfec2b
ArkeiStealer
bb5a82d435e5b35379d83d69c5c9ff7881b1963a8480b9b15193245927fd55f8
ArkeiStealer
c25818485a3fe4e6728db023c55168a494810364ffa1421995a1e13309a61c2a
ArkeiStealer
c456fe04ee50e4816038ca556e02ec2adae117665d9874dac92d64bd1899d904
ArkeiStealer
d677f8738307640320bd09f609d9203e0d3bb924db4746a895829b253edcbead
ArkeiStealer
f1bb2d91c7594b776d0674a778c3208b73ef8caaf63427fb33c97481d783903b
ArkeiStealer
+ 157 additional samples on MalwareBazaar
Result
Malware family:
vidar
Create hunting rule
Score:
  10/10
Tags:
family:vidar botnet:1013 stealer
Link:
https://tria.ge/reports/210920-wj6whahddl/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Vidar Stealer
Suspicious use of NtCreateProcessExOtherParentProcess
Vidar
Malware Config
C2 Extraction:
https://petrenko96.tumblr.com/
Unpacked files
SH256 hash:
c7cb069579f314625b34b5fb6ccbba3d84871b5e928b0dab96c96d028a11faaa
MD5 hash:
1abeecf2dce719b13bdf709b1793d693
SHA1 hash:
c6a189f2d663e59f03dbe4987ccb14a53053ef21
Link:
https://www.unpac.me/results/7afdec6c-c06d-4bd8-998c-253fc2e533d8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.67
Link:
https://yomi.yoroi.company/submissions/c7cb069579f314625b34b5fb6ccbba3d84871b5e928b0dab96c96d028a11faaa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ArkeiStealer

Executable exe c7cb069579f314625b34b5fb6ccbba3d84871b5e928b0dab96c96d028a11faaa

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1627241/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/189559/

Comments