MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2186e1acd2f5ffa7897b8874871b4d835ed5814f10f87d91732d664be9bc06c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	e2186e1acd2f5ffa7897b8874871b4d835ed5814f10f87d91732d664be9bc06c
SHA3-384 hash:	65a2ddc3442d23aa85053a83e8e809218cb23285aade965984099f305067eb6d06fdf09f4b3d3e034024a9d2b539f80f
SHA1 hash:	082defd2cdd87ca15c8a399e43ddb6f84617724c
MD5 hash:	4d107c341ce4c2893d537b1e16acde39
humanhash:	sixteen-maryland-don-california
File name:	4d107c341ce4c2893d537b1e16acde39.exe
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	245'248 bytes
First seen:	2021-09-30 15:18:59 UTC
Last seen:	2021-09-30 16:19:46 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	1f41e0ca4ea9e1d12338209135b5bab4 (6 x ArkeiStealer, 1 x DanaBot, 1 x Loki)
ssdeep	3072:zfwdz5sBldJ/a4ntPCUKb0aMO7yqVMaZrhlfvruOqbjZAziuA0cSUTtR:zfIlQdJ/TBCUK3prHyOqfyiuAi6
Threatray	66 similar samples on MalwareBazaar
TLSH	T176349E10B7E0C035F0B722FA4979D369692DBDB1AB2495CB23C52BFA56346E4AC30747
File icon (PE):
dhash icon	e8e8e8e8aa66a499 (51 x RaccoonStealer, 27 x ArkeiStealer, 22 x RedLineStealer)
Reporter	abuse_ch
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

191

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

4d107c341ce4c2893d537b1e16acde39.exe

Verdict:

Suspicious activity

Analysis date:

2021-09-30 21:21:42 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/d477ec6c-6f2f-4cb0-9c0c-3ce8d76f6fbd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/193719/

Detection(s):

SecuriteInfo.com.Trojan.PWS.Stealer.31055.23071.11238.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/01039a7c-2be7-4be3-a252-6e44c065a8f9

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.evad

Score:

84 / 100

Link:

https://www.joesandbox.com/analysis/862046

Signature

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected Vidar stealer

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e2186e1acd2f5ffa7897b8874871b4d835ed5814f10f87d91732d664be9bc06c/

Threat name:

Win32.Trojan.Convagent

Status:

Malicious

First seen:

2021-09-30 15:19:11 UTC

AV detection:

25 of 45 (55.56%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

2e14b592904e292539d9fc9d57a06df31676d5645ebaa49ebe129044d2d3baa3

52d8a85ebf2defc2b7fa13237f45e6a24714e86cc0e595a6e7e8a43a16b923f0

5a2eff9610a0bdc09557cd54e9ad7e5b93b930359a8e322fb479ab7b1e20cf7d

70d2439d21209fcc393ca4989fbe1d5966c651345ad9b38bab512dbe9861e2bb

b3c5e8250ec320fd546df876a5be7ca4e9a70696dc2373ce5ff670def95d5238

b944023d535bc8e5980173e203cee0d2fc2df9e865b4a06fc0694436ce5b6541

c28e190666a5967096f8c8e3ecd3a62e502fe84eb300113faa3fe06575ea118b

ccbded51600db440d54831ff724cf0e988220da4cd069244ade361c959b8c852

e29a1c1188926719adc1bece4f4e828ac78c0aaca2cb01e141e6cf7ca5539e6b

edf6beb88780fb3085332f843b73418f52bbf095265dad631cf8e187644cb565

+ 56 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei stealer

Link:

https://tria.ge/reports/210930-sp6wxaaad9/

Behaviour

Arkei Stealer Payload

Arkei

Unpacked files

SH256 hash:

4b33410c1350737eb7eb734fb597c32083ae1a60955a871fe914b5ccff23a91a

MD5 hash:

e4e7f7cb036464db3050cf0fe6e7aaec

SHA1 hash:

44d6b2bfa01b4f2f7b3ffbd522d267af35a9cb01

Link:

https://www.unpac.me/results/0ff43e53-4346-46b6-89f5-cb0015e757d4/

SH256 hash:

e2186e1acd2f5ffa7897b8874871b4d835ed5814f10f87d91732d664be9bc06c

MD5 hash:

4d107c341ce4c2893d537b1e16acde39

SHA1 hash:

082defd2cdd87ca15c8a399e43ddb6f84617724c

Link:

https://www.unpac.me/results/0ff43e53-4346-46b6-89f5-cb0015e757d4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e2186e1acd2f5ffa7897b8874871b4d835ed5814f10f87d91732d664be9bc06c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe e2186e1acd2f5ffa7897b8874871b4d835ed5814f10f87d91732d664be9bc06c

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1603785/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/193719/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample