arkei | af731db3ff0accea3ed49292d5aaf903ea530de823197fd3eda5e21830c49b8d | Triage

Submit
Reports

Overview

overview

Static

static

8

Invoice- 9...ce.doc

windows7_x64

Invoice- 9...ce.doc

windows10_x64

Sharing

General

Target

Invoice- 9452729 Oil_Field_Swift_remmitance.doc
Size

55KB
Sample

211018-lmmlxseccl
MD5

531576d42fac0f02c88fdc36714d3d1c
SHA1

b792e083daa495aa9474e8fca8e885a6eef6b263
SHA256

af731db3ff0accea3ed49292d5aaf903ea530de823197fd3eda5e21830c49b8d
SHA512

7811c2943d4ab89c2ec830af65e6eff6ca24a288ead34608e12707e1df645095472e7470223c0314894b94607629a18c547e26ba4016916afcf97742a20a78be

Score

10^/10

arkei default macro spyware stealer xlm

Static task

static1

Behavioral task

behavioral1

Sample

Invoice- 9452729 Oil_Field_Swift_remmitance.doc

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice- 9452729 Oil_Field_Swift_remmitance.doc

Resource

win10-en-20211014

arkei default spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://searcer.x24hr.com/a/soleApp11.exe

Extracted

Family

arkei

Botnet

Default

C2

http://136.144.41.229/gJCbU1V9y2.php

Targets

- Target
  
  Invoice- 9452729 Oil_Field_Swift_remmitance.doc
- Size
  
  55KB
- MD5
  
  531576d42fac0f02c88fdc36714d3d1c
- SHA1
  
  b792e083daa495aa9474e8fca8e885a6eef6b263
- SHA256
  
  af731db3ff0accea3ed49292d5aaf903ea530de823197fd3eda5e21830c49b8d
- SHA512
  
  7811c2943d4ab89c2ec830af65e6eff6ca24a288ead34608e12707e1df645095472e7470223c0314894b94607629a18c547e26ba4016916afcf97742a20a78be
Score

10^/10

arkei default spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

arkeidefaultspywarestealer

© 2018-2024

Terms | Privacy