General
-
Target
7d391ed9356c4fa41f015b73f667663813b0d3b2e5ce1482fae64462a316bff6
-
Size
1.6MB
-
Sample
220115-2aezbafaf9
-
MD5
953f7ef3d735935dbbfb4c249bcd1534
-
SHA1
cb192b0134468f9e59d3b02cfc2f26652c8d689a
-
SHA256
7d391ed9356c4fa41f015b73f667663813b0d3b2e5ce1482fae64462a316bff6
-
SHA512
8ef23e1c1ed9b459a551b6eefa259cf47bd9732ea58190a25362329238a315764d7ebf6fd70dfa147190adc6a9681baf3a174e8f271a47a4b84b833b535f308e
Malware Config
Extracted
arkei
Default
http://185.7.214.239/POeNDXYchB.php
Targets
-
-
Target
7d391ed9356c4fa41f015b73f667663813b0d3b2e5ce1482fae64462a316bff6
-
Size
1.6MB
-
MD5
953f7ef3d735935dbbfb4c249bcd1534
-
SHA1
cb192b0134468f9e59d3b02cfc2f26652c8d689a
-
SHA256
7d391ed9356c4fa41f015b73f667663813b0d3b2e5ce1482fae64462a316bff6
-
SHA512
8ef23e1c1ed9b459a551b6eefa259cf47bd9732ea58190a25362329238a315764d7ebf6fd70dfa147190adc6a9681baf3a174e8f271a47a4b84b833b535f308e
Score10/10-
Arkei
Arkei is an infostealer written in C++.
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-