Description
Arkei is an infostealer written in C++.
8c9bac8acb30b32ee42a20b9c520c806bbe17c9c666b6d2ab03a4566f2c95cc0
General
Target
Size
Sample
8c9bac8acb30b32ee42a20b9c520c806bbe17c9c666b6d2ab03a4566f2c95cc0
284KB
220124-ahl9tagfa6
Score
10 /10
MD5
SHA1
SHA256
SHA512
73aa27714738718889d0e401c0a022c3
7fb66980bf68069271698821b35e0de2968451d3
8c9bac8acb30b32ee42a20b9c520c806bbe17c9c666b6d2ab03a4566f2c95cc0
d6f631e956a93af20b597d88c5bd241365c60af84615d3de0160f8f669162335dc25ea910ae7de92997038b37544c5e34b638b4933e26e1683efd71a02b92f03
Malware Config
Extracted
| Family | arkei |
| Botnet | Default |
| C2 |
http://coin-file-file-19.com/tratata.php |
Targets
Target
MD5
Filesize
8c9bac8acb30b32ee42a20b9c520c806bbe17c9c666b6d2ab03a4566f2c95cc0
73aa27714738718889d0e401c0a022c3
284KB
Score
10/10
SHA1
SHA256
SHA512
7fb66980bf68069271698821b35e0de2968451d3
8c9bac8acb30b32ee42a20b9c520c806bbe17c9c666b6d2ab03a4566f2c95cc0
d6f631e956a93af20b597d88c5bd241365c60af84615d3de0160f8f669162335dc25ea910ae7de92997038b37544c5e34b638b4933e26e1683efd71a02b92f03
Tags
Signatures
-
Arkei
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Arkei Stealer Payload
Tags
-
Downloads MZ/PE file
-
Sets service image path in registry
Tags
TTPs
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks