arkei | 156f73bb1241ddd75420fa0a99fb04eafe90a7f3aa7ad95dba1e42b0df995fcc | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

156f73bb1241ddd75420fa0a99fb04eafe90a7f3aa7ad95dba1e42b0df995fcc
Size

269KB
Sample

220121-3szxwadhel
MD5

c79692868d54348d3606835ff47eb29d
SHA1

2342d85852a5f8094e55d30a6ea393cbcf675f1d
SHA256

156f73bb1241ddd75420fa0a99fb04eafe90a7f3aa7ad95dba1e42b0df995fcc
SHA512

53fb7fd37871f765905c22f34a208c15f0c0d91cb82f13bb5eefbdb2ba84dcf38eaf4e27cebe67822655578e7526f887090537709e7e77b4891c2916ac3e73dd

Score

10^/10

arkei default discovery persistence spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

156f73bb1241ddd75420fa0a99fb04eafe90a7f3aa7ad95dba1e42b0df995fcc.exe

Resource

win10v2004-en-20220112

arkei default discovery persistence spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://homesteadr.link/ggate.php

Targets

- Target
  
  156f73bb1241ddd75420fa0a99fb04eafe90a7f3aa7ad95dba1e42b0df995fcc
- Size
  
  269KB
- MD5
  
  c79692868d54348d3606835ff47eb29d
- SHA1
  
  2342d85852a5f8094e55d30a6ea393cbcf675f1d
- SHA256
  
  156f73bb1241ddd75420fa0a99fb04eafe90a7f3aa7ad95dba1e42b0df995fcc
- SHA512
  
  53fb7fd37871f765905c22f34a208c15f0c0d91cb82f13bb5eefbdb2ba84dcf38eaf4e27cebe67822655578e7526f887090537709e7e77b4891c2916ac3e73dd
Score

10^/10

arkei default discovery persistence spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
  suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
  suricata
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoverypersistencespywarestealersuricata

© 2018-2024

Terms | Privacy