d1a1d58d8a0f99f5dd33728b871fe64ccd3be54aef1377006e11b05e88e75c68 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

ArkaSteale...ed.exe

windows7-x64

9

ArkaSteale...ed.exe

windows10-2004-x64

9

Sharing

General

Target

ArkaStealerApp_protected.exe
Size

6.2MB
Sample

241003-vztensxdmq
MD5

ceafbe35bded07858f046156163b0526
SHA1

54f330cdcb9ad3927aa44251f5877d35ebae1569
SHA256

d1a1d58d8a0f99f5dd33728b871fe64ccd3be54aef1377006e11b05e88e75c68
SHA512

d9de027ffc819964889505d3cac3c0f3a1e343ccaf0fa36698434a746eb123f2500623f21b35d5c5d8d9bda83cbc9ec63a4c4eab3a9cbdc229a114c30a9c1fea
SSDEEP

196608:/mAa8PDO5pQ8X6swLleBMGRnGgro8jDwimKy+LTGF6FP:/mAa8PDYi8X6swZEMGbro84HyHt5

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ArkaStealerApp_protected.exe

Resource

win7-20240903-en

evasion themida trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

ArkaStealerApp_protected.exe

Resource

win10v2004-20240910-en

evasion themida trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  ArkaStealerApp_protected.exe
- Size
  
  6.2MB
- MD5
  
  ceafbe35bded07858f046156163b0526
- SHA1
  
  54f330cdcb9ad3927aa44251f5877d35ebae1569
- SHA256
  
  d1a1d58d8a0f99f5dd33728b871fe64ccd3be54aef1377006e11b05e88e75c68
- SHA512
  
  d9de027ffc819964889505d3cac3c0f3a1e343ccaf0fa36698434a746eb123f2500623f21b35d5c5d8d9bda83cbc9ec63a4c4eab3a9cbdc229a114c30a9c1fea
- SSDEEP
  
  196608:/mAa8PDO5pQ8X6swLleBMGRnGgro8jDwimKy+LTGF6FP:/mAa8PDYi8X6swZEMGbro84HyHt5
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.