arkei

General

Target

f1d1bc2aec17edf59056a7c0e4f559a1.exe
Size

270KB
Sample

220123-w12ywagcbq
MD5

f1d1bc2aec17edf59056a7c0e4f559a1
SHA1

e2da0e0c347161c4dbea44a4b3fb3fd3c63d2195
SHA256

7ce36530d4ba78705e940868563575d428c656a8fa1dc82b39e8f8dbe3da1c1c
SHA512

15797519677f67b80bb33a508774b7b12882c7f4d9d4c1f506b704613cc5de14e481f02fe944fa63ec88694b7e31eff71dc31b9944e1a133e45d58a097467675

Score

10^/10

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://homesteadr.link/ggate.php

Targets

- Target
  
  f1d1bc2aec17edf59056a7c0e4f559a1.exe
- Size
  
  270KB
- MD5
  
  f1d1bc2aec17edf59056a7c0e4f559a1
- SHA1
  
  e2da0e0c347161c4dbea44a4b3fb3fd3c63d2195
- SHA256
  
  7ce36530d4ba78705e940868563575d428c656a8fa1dc82b39e8f8dbe3da1c1c
- SHA512
  
  15797519677f67b80bb33a508774b7b12882c7f4d9d4c1f506b704613cc5de14e481f02fe944fa63ec88694b7e31eff71dc31b9944e1a133e45d58a097467675
Score

10^/10

arkei default discovery spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
  suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
  suricata
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

Arkei Stealer Payload

Downloads MZ/PE file

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2