Description
Arkei is an infostealer written in C++.
bd610b2389b0ea2a2d37bc31655de8aa44c96ea5836c873c8df49a715a57b602
General
Target
Size
Sample
bd610b2389b0ea2a2d37bc31655de8aa44c96ea5836c873c8df49a715a57b602
274KB
220127-e12vfafdgk
Score
10 /10
MD5
SHA1
SHA256
SHA512
c0cebf58bc464d40ada9444c8c19e955
52cc6a2c87862b1c815e843f154ec9cb66f345e9
bd610b2389b0ea2a2d37bc31655de8aa44c96ea5836c873c8df49a715a57b602
ed979071f02a7eaace9b393fb4b75265694fe2466c147858223351057e5513f5849830bc0170d0323956d088b9d68e5e880a262ebdc15351204649f5ee1a5490
Malware Config
Extracted
| Family | arkei |
| Botnet | Default |
| C2 |
http://coin-file-file-19.com/tratata.php |
Targets
Target
MD5
Filesize
bd610b2389b0ea2a2d37bc31655de8aa44c96ea5836c873c8df49a715a57b602
c0cebf58bc464d40ada9444c8c19e955
274KB
Score
10/10
SHA1
SHA256
SHA512
52cc6a2c87862b1c815e843f154ec9cb66f345e9
bd610b2389b0ea2a2d37bc31655de8aa44c96ea5836c873c8df49a715a57b602
ed979071f02a7eaace9b393fb4b75265694fe2466c147858223351057e5513f5849830bc0170d0323956d088b9d68e5e880a262ebdc15351204649f5ee1a5490
Tags
Signatures
-
Arkei
-
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Description
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Tags
-
Arkei Stealer Payload
Tags
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks