arkei | 3cca77d790fbff02b5671b017a33b127bcff121040b7289d7a310974fc4f3378 | Triage

Submit
Reports

Overview

overview

Static

static

54cada1b9d...cb.exe

windows7_x64

54cada1b9d...cb.exe

windows10_x64

Sharing

General

Target

54cada1b9db82b02330bb5b912993fcb.exe
Size

190KB
Sample

211125-vdd3vsbbg3
MD5

54cada1b9db82b02330bb5b912993fcb
SHA1

c3b3dcb9ef275c3f2e2f8cec28d4440df6c746b0
SHA256

3cca77d790fbff02b5671b017a33b127bcff121040b7289d7a310974fc4f3378
SHA512

d8b2e569590e50a52327a2e770c9b17e013e1ce297142dd81f71b1dd09b5fde97e7379518db6b3aa12ee1ebe06ee8672c52516899fc2f729f2b90660cba084b0

Score

10^/10

arkei default discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

54cada1b9db82b02330bb5b912993fcb.exe

Resource

win7-en-20211104

arkei default discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

54cada1b9db82b02330bb5b912993fcb.exe

Resource

win10-en-20211014

arkei default discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://die-grausamste-herrin.at/wp.php

Targets

- Target
  
  54cada1b9db82b02330bb5b912993fcb.exe
- Size
  
  190KB
- MD5
  
  54cada1b9db82b02330bb5b912993fcb
- SHA1
  
  c3b3dcb9ef275c3f2e2f8cec28d4440df6c746b0
- SHA256
  
  3cca77d790fbff02b5671b017a33b127bcff121040b7289d7a310974fc4f3378
- SHA512
  
  d8b2e569590e50a52327a2e770c9b17e013e1ce297142dd81f71b1dd09b5fde97e7379518db6b3aa12ee1ebe06ee8672c52516899fc2f729f2b90660cba084b0
Score

10^/10

arkei default discovery spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoveryspywarestealer

behavioral2

arkeidefaultdiscoveryspywarestealer

© 2018-2024

Terms | Privacy