Extracted

• • Target

    e3293181f54e52c1ffdee041f0182ecdbcd09d7477b4ff9be08d93380bb6ce9b

  • Size

    327KB

  • MD5

    cba5a02f12940f7569e9f86b722d565c

  • SHA1

    ba466cfe6750fe9cfcf43b1305ddc8d068f0be48

  • SHA256

    e3293181f54e52c1ffdee041f0182ecdbcd09d7477b4ff9be08d93380bb6ce9b

  • SHA512

    1554ec38ff34ec17b377e7a6b2439a73afc9b12f52504bbb6c3deae495ae9437f26229e82039657d3714e2d24a9bdee462af6784ca4134b5763de49f79a648a7

  Score

  10^/10

  arkeidefaultdiscoveryspywarestealersuricata

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

    suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

    suricata

  • Arkei Stealer Payload

    stealer

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1