arkei | 95a37423a8bd099f4f3d9a976345130b2949122f653ed5958f47aedb74070992 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

95a37423a8bd099f4f3d9a976345130b2949122f653ed5958f47aedb74070992
Size

274KB
Sample

220127-dyp77aegdp
MD5

5b6f7a663dd0a1cb4577ff3aac192489
SHA1

fb4e6ca79a20abc8768d49b238620d2db2697278
SHA256

95a37423a8bd099f4f3d9a976345130b2949122f653ed5958f47aedb74070992
SHA512

11ba45277a9723bb1bbb14b15361238665cbb33f8811c1285be54c8b2d9c3db9088a05efbb966ee48e9fab2d1bac022e5c75f3ba8176c9743a2269c629cec8ef

Score

10^/10

arkei default discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

95a37423a8bd099f4f3d9a976345130b2949122f653ed5958f47aedb74070992.exe

Resource

win10v2004-en-20220112

arkei default discovery persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://coin-file-file-19.com/tratata.php

Targets

- Target
  
  95a37423a8bd099f4f3d9a976345130b2949122f653ed5958f47aedb74070992
- Size
  
  274KB
- MD5
  
  5b6f7a663dd0a1cb4577ff3aac192489
- SHA1
  
  fb4e6ca79a20abc8768d49b238620d2db2697278
- SHA256
  
  95a37423a8bd099f4f3d9a976345130b2949122f653ed5958f47aedb74070992
- SHA512
  
  11ba45277a9723bb1bbb14b15361238665cbb33f8811c1285be54c8b2d9c3db9088a05efbb966ee48e9fab2d1bac022e5c75f3ba8176c9743a2269c629cec8ef
Score

10^/10

arkei default discovery persistence spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy