176c1af7ff95090ec71fd6f10566bee536cc3b06f99138ff569795ab1ee5c519

Target

Size

284KB

Sample

220124-c79shsaeg9

Score

10 ^/10

MD5

6d43d489943713a9f5af9d6b2ad0f73a

SHA1

4247924640a0835d5dfbe2c63e0d349a862e44a2

SHA256

176c1af7ff95090ec71fd6f10566bee536cc3b06f99138ff569795ab1ee5c519

SHA512

f3d478593d86b0004ed88747c50288050820c3ade6365906e58bbca52ca3f5393de1f2e2f0983cbe2b39942a2fe53400f3f77610e005fe2cc11f026f5e679274

Extracted

Family	arkei
Botnet	Default
C2	http://coin-file-file-19.com/tratata.php http://coin-file-file-19.com/tratata.php

Target

176c1af7ff95090ec71fd6f10566bee536cc3b06f99138ff569795ab1ee5c519

MD5

6d43d489943713a9f5af9d6b2ad0f73a

Filesize

284KB

Score

10^/10

SHA1

4247924640a0835d5dfbe2c63e0d349a862e44a2

SHA256

176c1af7ff95090ec71fd6f10566bee536cc3b06f99138ff569795ab1ee5c519

SHA512

f3d478593d86b0004ed88747c50288050820c3ade6365906e58bbca52ca3f5393de1f2e2f0983cbe2b39942a2fe53400f3f77610e005fe2cc11f026f5e679274

Signatures

Arkei
Description

Arkei is an infostealer written in C++.
Tags

stealer arkei
Suspicious use of NtCreateProcessExOtherParentProcess
Arkei Stealer Payload
Tags

stealer
Downloads MZ/PE file
Sets service image path in registry
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Loads dropped DLL
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags

spyware

TTPs

Data from Local SystemCredentials in Files
Checks installed software on the system
Description

Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags

discovery

TTPs

Query Registry

Related Tasks

behavioral1

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

arkei default discovery persistence spyware stealer

10^/10

Extracted

Tags

Signatures

Arkei

Description

Tags

Suspicious use of NtCreateProcessExOtherParentProcess

Arkei Stealer Payload

Tags

Downloads MZ/PE file

Sets service image path in registry

Tags

TTPs

Checks computer location settings

Description

TTPs

Loads dropped DLL

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses cryptocurrency files/wallets, possible credential harvesting

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Related Tasks

static1

behavioral1