arkei | da07eafad62111cfb7276c0c606bf7b4704bb122a19b80b769654c3459e664d6 | Triage

Submit
Reports

Overview

overview

Static

static

mixsix_202...48.exe

windows7_x64

mixsix_202...48.exe

windows10_x64

Sharing

General

Target

mixsix_20211019-165848
Size

284KB
Sample

211020-kke9dshgbk
MD5

43d1162f6247a5d3ebf354b713ff33c5
SHA1

55d2f68ee15c17111ed8f9307991c496f512c1fb
SHA256

da07eafad62111cfb7276c0c606bf7b4704bb122a19b80b769654c3459e664d6
SHA512

479288bc1d8187f8be3f0e2acffaea303ffb7fbffff8300c8dd571e162ef253fa8ab89ca7dcbe129781f64b269994fb343d1ce65bbf1eb693d74b8c69b060e23

Score

10^/10

arkei default discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

mixsix_20211019-165848.exe

Resource

win7-en-20210920

arkei default discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mixsix_20211019-165848.exe

Resource

win10-en-20211014

arkei default spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://truzen.info/ggate.php

Targets

- Target
  
  mixsix_20211019-165848
- Size
  
  284KB
- MD5
  
  43d1162f6247a5d3ebf354b713ff33c5
- SHA1
  
  55d2f68ee15c17111ed8f9307991c496f512c1fb
- SHA256
  
  da07eafad62111cfb7276c0c606bf7b4704bb122a19b80b769654c3459e664d6
- SHA512
  
  479288bc1d8187f8be3f0e2acffaea303ffb7fbffff8300c8dd571e162ef253fa8ab89ca7dcbe129781f64b269994fb343d1ce65bbf1eb693d74b8c69b060e23
Score

10^/10

arkei default discovery spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoveryspywarestealer

behavioral2

arkeidefaultspywarestealer

© 2018-2024

Terms | Privacy