fafa04a971c0bce7dc4398f93cc4bca6b69fc8a603b47848259944ad029c5de5

Target

Size

295KB

Sample

220124-nmcg3aeeer

Score

10 ^/10

MD5

56d68834f92fc16f9fbfd6050fb603a5

SHA1

ff41773f9af885780fb90078fa9e91bc12311577

SHA256

fafa04a971c0bce7dc4398f93cc4bca6b69fc8a603b47848259944ad029c5de5

SHA512

841b1dceebca65a30da70d9fcbb8e7c32d07e1fc6771ab4f5a94f261de7d1e1712f5c5667e0d762acc9eac9d7a7effa56676f741613912d3ed46d26df3a3f0b3

Extracted

Family	arkei
Botnet	Default
C2	http://homesteadr.link/ggate.php http://homesteadr.link/ggate.php

Target

fafa04a971c0bce7dc4398f93cc4bca6b69fc8a603b47848259944ad029c5de5

MD5

56d68834f92fc16f9fbfd6050fb603a5

Filesize

295KB

Score

10^/10

SHA1

ff41773f9af885780fb90078fa9e91bc12311577

SHA256

fafa04a971c0bce7dc4398f93cc4bca6b69fc8a603b47848259944ad029c5de5

SHA512

841b1dceebca65a30da70d9fcbb8e7c32d07e1fc6771ab4f5a94f261de7d1e1712f5c5667e0d762acc9eac9d7a7effa56676f741613912d3ed46d26df3a3f0b3

Signatures

Arkei
Description

Arkei is an infostealer written in C++.
Tags

stealer arkei
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Description

suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Tags

suricata
Arkei Stealer Payload
Tags

stealer
Downloads MZ/PE file
Loads dropped DLL
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags

spyware

TTPs

Data from Local SystemCredentials in Files
Checks installed software on the system
Description

Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags

discovery

TTPs

Query Registry

Related Tasks

behavioral1

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

arkei default discovery spyware stealer suricata

10^/10

Extracted

Tags

Signatures

Arkei

Description

Tags

suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

Description

Tags

Arkei Stealer Payload

Tags

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses cryptocurrency files/wallets, possible credential harvesting

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Related Tasks

static1

behavioral1