arkei | d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9
Size

302KB
Sample

220119-r5616sagd4
MD5

f42790df3ab9ce9c7c11684935e8a9c4
SHA1

13df51e503fa77a8a892212d5294b3a0569baabe
SHA256

d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9
SHA512

4da8c72e5c1cdaab22efa8573b800ad781b89dbe5cf0c4230153f76c86cc1504809a2b852a6b7f4710b997eca0626ee39a8bc9b5b7f1a77bb6be7f737ce3432b

Score

10^/10

arkei default discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9.exe

Resource

win10v2004-en-20220112

arkei default discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Targets

- Target
  
  d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9
- Size
  
  302KB
- MD5
  
  f42790df3ab9ce9c7c11684935e8a9c4
- SHA1
  
  13df51e503fa77a8a892212d5294b3a0569baabe
- SHA256
  
  d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9
- SHA512
  
  4da8c72e5c1cdaab22efa8573b800ad781b89dbe5cf0c4230153f76c86cc1504809a2b852a6b7f4710b997eca0626ee39a8bc9b5b7f1a77bb6be7f737ce3432b
Score

10^/10

arkei default discovery spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoveryspywarestealer

© 2018-2024

Terms | Privacy