arkei | 5234c8454d9bba3fbb0bd71bacc23080ab8045edd2b6968bb0bf45dd44c489ec | Triage

Sharing

General

Target

5234c8454d9bba3fbb0bd71bacc23080ab8045edd2b6968bb0bf45dd44c489ec
Size

264KB
Sample

220123-j1tlaafea4
MD5

745d1864f4dcfb6fc3ed0b4487bb988d
SHA1

b141d893ab28b06021b32ed08345188644ce5ea7
SHA256

5234c8454d9bba3fbb0bd71bacc23080ab8045edd2b6968bb0bf45dd44c489ec
SHA512

9bc579c6982909b40e5ad9103e53d8676c664caabf363477f0e7556a5ac7f0b635bb4486a7ec4a728d749b93de5ea183f5d4b57b8aa006795d901217ba96d5a4

Score

10^/10

arkei default persistence stealer

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Targets

- Target
  
  5234c8454d9bba3fbb0bd71bacc23080ab8045edd2b6968bb0bf45dd44c489ec
- Size
  
  264KB
- MD5
  
  745d1864f4dcfb6fc3ed0b4487bb988d
- SHA1
  
  b141d893ab28b06021b32ed08345188644ce5ea7
- SHA256
  
  5234c8454d9bba3fbb0bd71bacc23080ab8045edd2b6968bb0bf45dd44c489ec
- SHA512
  
  9bc579c6982909b40e5ad9103e53d8676c664caabf363477f0e7556a5ac7f0b635bb4486a7ec4a728d749b93de5ea183f5d4b57b8aa006795d901217ba96d5a4
Score

10^/10

arkei default persistence stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Arkei Stealer Payload
  stealer
- Sets service image path in registry
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultpersistencestealer