MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e45dafc74d55173123dd0c7f3b6bb0389474ea62e80c0d660b7bed40727bb659. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ArkeiStealer

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	e45dafc74d55173123dd0c7f3b6bb0389474ea62e80c0d660b7bed40727bb659
SHA3-384 hash:	4deaa274df097c11b5c6dc6438d5fc08c1952325255466ee4dfa66ea105dc468dc58d6fc07914b1ff88bf3e2070e9cf4
SHA1 hash:	37b36c6597e521b4019897357a7d01bb69a28306
MD5 hash:	8380ef0984416b6fffeaffbf3415765e
humanhash:	violet-golf-uniform-eight
File name:	mixsix_20211012-141038(1)
Download:	download sample
Signature	ArkeiStealer Create hunting rule
File size:	203'776 bytes
First seen:	2021-10-12 13:22:46 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a3d3c102ccd598a84c1f646602841228 (1 x Smoke Loader, 1 x ArkeiStealer, 1 x RaccoonStealer)
ssdeep	6144:og7+TLD02mBNhzbsJQ7ugWco+pVx98aCxB+XSHNE:VgLY2eXzbsG7fo6H8bDH
Threatray	95 similar samples on MalwareBazaar
TLSH	T16F14CF2072A0C776D8A765719CB487A10A7B78721B3491CB77B83B7E5F513C04A39367
File icon (PE):
dhash icon	a3bcdcac9c8cb4a4 (4 x ArkeiStealer, 2 x RaccoonStealer, 1 x Stop)
Reporter	benkow_
Tags:	ArkeiStealer exe

Intelligence

File Origin

# of uploads :

# of downloads :

222

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

mixsix_20211012-141038(1)

Verdict:

Suspicious activity

Analysis date:

2021-10-12 20:10:53 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/aba0ecde-6c13-4af6-a3ed-66077a275a0f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/196956/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware1.20860.20319.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file

Query of malicious DNS domain

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/96614847-c704-469e-8302-226790b67da8

Result

Threat name:

Vidar

Detection:

malicious

Classification:

troj.spyw

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/868699

Signature

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected Vidar stealer

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e45dafc74d55173123dd0c7f3b6bb0389474ea62e80c0d660b7bed40727bb659/

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2021-10-12 13:23:05 UTC

AV detection:

18 of 27 (66.67%)

Threat level:

5/5

Verdict:

malicious

ArkeiStealer

70d2439d21209fcc393ca4989fbe1d5966c651345ad9b38bab512dbe9861e2bb

ArkeiStealer

71afc45f296c232c605e7e18e5303e59efefedc94f3a3c47c6e91ca46d586ce7

ArkeiStealer

9cc81654b9314f9f7ce9b46d16213eba06d00969aeff8b2bbb6f443c2ddfba79

ArkeiStealer

b944023d535bc8e5980173e203cee0d2fc2df9e865b4a06fc0694436ce5b6541

ArkeiStealer

ccbded51600db440d54831ff724cf0e988220da4cd069244ade361c959b8c852

ArkeiStealer

e558134f888d403ba60d7db59978502a9071951528cd4873bd4702921012d69e

ArkeiStealer

edf6beb88780fb3085332f843b73418f52bbf095265dad631cf8e187644cb565

ArkeiStealer

f24723275fef7c816ed025e24ff55657b5bbce2c0e8df3ffb59b8bec2890d405

ArkeiStealer

+ 85 additional samples on MalwareBazaar

Result

Malware family:

arkei

Score:

10/10

Tags:

family:arkei spyware stealer

Link:

https://tria.ge/reports/211012-qmsv6acdf8/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Program crash

Reads user/profile data of web browsers

Arkei Stealer Payload

Arkei

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

681dd3210d7550268f684628dd7946349ac3a97a6331c5567241a4caf4d7987c

MD5 hash:

4bb65548f890bed129c141c3c04fc8c4

SHA1 hash:

39257aa791e39dd40a79d1c33c35c30010a98e0d

Link:

https://www.unpac.me/results/aefc6603-2173-4b83-91fe-c9b847ae1449/

SH256 hash:

e45dafc74d55173123dd0c7f3b6bb0389474ea62e80c0d660b7bed40727bb659

MD5 hash:

8380ef0984416b6fffeaffbf3415765e

SHA1 hash:

37b36c6597e521b4019897357a7d01bb69a28306

Link:

https://www.unpac.me/results/aefc6603-2173-4b83-91fe-c9b847ae1449/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/e45dafc74d55/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e45dafc74d55173123dd0c7f3b6bb0389474ea62e80c0d660b7bed40727bb659

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/196956/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample