arkei | 33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6
Size

310KB
Sample

220119-b13j7aeee5
MD5

507fb2556918322cdbb18572312f85f6
SHA1

012dfb82bccc57acec121566697dd36380e6bf67
SHA256

33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6
SHA512

abe6f4dfff52f73385436f9dd594dd14af890fa8829d4d21e98c31f0717ce2edcc2f49135d01f4a4e4f063f4a91915a6546d6172565851851bbf8ae14ba50032

Score

10^/10

arkei default discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6.exe

Resource

win10v2004-en-20220112

arkei default discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Targets

- Target
  
  33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6
- Size
  
  310KB
- MD5
  
  507fb2556918322cdbb18572312f85f6
- SHA1
  
  012dfb82bccc57acec121566697dd36380e6bf67
- SHA256
  
  33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6
- SHA512
  
  abe6f4dfff52f73385436f9dd594dd14af890fa8829d4d21e98c31f0717ce2edcc2f49135d01f4a4e4f063f4a91915a6546d6172565851851bbf8ae14ba50032
Score

10^/10

arkei default discovery spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoveryspywarestealer

© 2018-2024

Terms | Privacy