arkei | 63244e1de34eacc4de3384cb4ba79d9b7f92ea0040720566ebfa9bdabe25f0bd | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

63244e1de34eacc4de3384cb4ba79d9b7f92ea0040720566ebfa9bdabe25f0bd
Size

289KB
Sample

220119-zt9a6adbfj
MD5

a221cc994352048b582294e48e566e2f
SHA1

3f207d1a2280ee9549db3fa008014ddcd2526bbe
SHA256

63244e1de34eacc4de3384cb4ba79d9b7f92ea0040720566ebfa9bdabe25f0bd
SHA512

4e712799e1b0ac3ac9f513f7149ce38c5d05d464cf55ef300411cc0ad28cd5b381937c4df291706415f800f724b9e670247f3d2507a2001376ef7ba1fd77de11

Score

10^/10

arkei default discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

63244e1de34eacc4de3384cb4ba79d9b7f92ea0040720566ebfa9bdabe25f0bd.exe

Resource

win10v2004-en-20220112

arkei default discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://homesteadr.link/ggate.php

Targets

- Target
  
  63244e1de34eacc4de3384cb4ba79d9b7f92ea0040720566ebfa9bdabe25f0bd
- Size
  
  289KB
- MD5
  
  a221cc994352048b582294e48e566e2f
- SHA1
  
  3f207d1a2280ee9549db3fa008014ddcd2526bbe
- SHA256
  
  63244e1de34eacc4de3384cb4ba79d9b7f92ea0040720566ebfa9bdabe25f0bd
- SHA512
  
  4e712799e1b0ac3ac9f513f7149ce38c5d05d464cf55ef300411cc0ad28cd5b381937c4df291706415f800f724b9e670247f3d2507a2001376ef7ba1fd77de11
Score

10^/10

arkei default discovery spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
  suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
  suricata
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy