arkei | 95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00
Size

302KB
Sample

220119-l59t6sghgq
MD5

862a8df3591e22cd24458085b6630995
SHA1

5098f1db2e9f147534f5b49c1fe1e9703c465a16
SHA256

95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00
SHA512

fd048bb0146265ca63226128f252cb4e9fddc40500b601738d69735260b9d1945b1bd9935cbcc817dc69c9ef2d1b676af3ef2691c0891d7e1c3fabfa252461e4

Score

10^/10

arkei default discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00.exe

Resource

win10v2004-en-20220112

arkei default discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Targets

- Target
  
  95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00
- Size
  
  302KB
- MD5
  
  862a8df3591e22cd24458085b6630995
- SHA1
  
  5098f1db2e9f147534f5b49c1fe1e9703c465a16
- SHA256
  
  95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00
- SHA512
  
  fd048bb0146265ca63226128f252cb4e9fddc40500b601738d69735260b9d1945b1bd9935cbcc817dc69c9ef2d1b676af3ef2691c0891d7e1c3fabfa252461e4
Score

10^/10

arkei default discovery spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoveryspywarestealer

© 2018-2024

Terms | Privacy