arkei

Sharing

Copy URL

Twitter E-mail

General

Target

MarsSamples
Size

2.5MB
Sample

220520-ysv7gagahl
MD5

1dd5541f3ee9e1e5f23859b0371fd489
SHA1

850311a9a94e64f312e74e3ad52e4dd3aebb796b
SHA256

bb480c7f0a06216549275d1dee70f63948bdf81d3ab605eb799b72c243158b52
SHA512

c67cb6723bdba2fb8ae7c90143f5fb288560e975e84ec92509a4e710ab892ffad321944b777a8dc883af7904b24a77cef77994d6112a24056b5879558f53141b

Score

10^/10

Malware Config

Extracted

Family

arkei

Botnet

Default

http://tafun.link/51874.php

http://5.45.84.214/umO0HLhYp5.php

http://62.204.41.128/81uBpsioYb.php

http://212.227.211.75/after.php

http://sughicent.com/blaka.php

http://62.204.41.180/5xtELSMXvf.php

http://185.8.105.91/2FmVrGoI1K.php

http://tommytshop.com/KNOuG8qeID.php

Targets

- Target
  
  MarsSamples/6d1365e37040955a395c3c0cdec2fd338f77d6067c0716858a9451de786219d3
- Size
  
  159KB
- MD5
  
  4cd9500edb477ccd9a2189171217ef25
- SHA1
  
  a2052d373c3aa9ccb05c38bb9e8a71cb821efffe
- SHA256
  
  6d1365e37040955a395c3c0cdec2fd338f77d6067c0716858a9451de786219d3
- SHA512
  
  406f63250096ad4d86d925539ae3852d91614e19180019726fdaed2c157d87744daf45b15190141c49e704bcf9dd537cd98c332ec09bc6bd02a0b2f6ddee8e49
Score

10^/10

arkei default spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Generic gate .php GET with minimal headers
  suricata: ET MALWARE Generic gate .php GET with minimal headers
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2
- Target
  
  MarsSamples/70afcf1b0507e851f3a9ac434129fce707de39ebb8e09a956d2d41e065d409f4
- Size
  
  159KB
- MD5
  
  1111df3ee04b98521fd3f4144db25bf7
- SHA1
  
  52b9f3f7c063b62d365839362916f65401e18987
- SHA256
  
  70afcf1b0507e851f3a9ac434129fce707de39ebb8e09a956d2d41e065d409f4
- SHA512
  
  57d8171f15f8684ebcf67bab645bb8c6a6098c554f1f10a9ed4cbd329507d49ac8b8a1c156697eb3c8e0a647629463dec2b9563050d875a14fb7d0575a960d58
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
behavioral3 behavioral4
- Target
  
  MarsSamples/771c829087e13220bf66aba98879059fecd2de0774900fabd043f495a2c9f63e
- Size
  
  160KB
- MD5
  
  3a0a6877fd3f9943d75d0fdd79c9cdbf
- SHA1
  
  61bdf7355cb2532b295c76ee50a3dd55c9dcc508
- SHA256
  
  771c829087e13220bf66aba98879059fecd2de0774900fabd043f495a2c9f63e
- SHA512
  
  76dd03503b54028edc6eaf830e1f3d30976e98729a774ba04a3e83f4aab826eca34cf363bc8690c49f0641b202ee7c80df3c7beb7cc1fabfa72eda660dcc948e
Score

1^/10
behavioral5 behavioral6
- Target
  
  MarsSamples/813b776096fefc9a314814fc0a79019e50268ab598dd7257fc5f3cc438191d84
- Size
  
  356KB
- MD5
  
  3a35b5638025e4dfec5db0763e060201
- SHA1
  
  fc10a12aa949773a3c98fb73dac6692de7f9e3ad
- SHA256
  
  813b776096fefc9a314814fc0a79019e50268ab598dd7257fc5f3cc438191d84
- SHA512
  
  f834ed2d0d7afc82bf2edd908d131e9e28f6b8f0a53becae78c2ad9a86c56ad76c88609a108f7a66e4a0522a9db88a6943f230dda89b35c5e3e598c38e908e06
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
behavioral7 behavioral8
- Target
  
  MarsSamples/8c192fb5bff179a874a8c484e748fd18b722840278848d9e0ff9f388fc528e1e
- Size
  
  158KB
- MD5
  
  83eb146d21324861b24830949daf6e9d
- SHA1
  
  3dd72c73f90634a92d4a3c39e9146365811b25c9
- SHA256
  
  8c192fb5bff179a874a8c484e748fd18b722840278848d9e0ff9f388fc528e1e
- SHA512
  
  3f858ef5c22a0dd534ca2c1bfa70d2343ca227970781f977b51297a82f77df9eee16ee454f12ecfc7fb064f6907960285fbf1b6a205f8edf104f9ad167e2f651
Score

1^/10
behavioral9 behavioral10
- Target
  
  MarsSamples/90486182025452ef6411fb51aec3f3ad46e0dac44b17fa84e5421adeeddbf833
- Size
  
  158KB
- MD5
  
  e437c05231d7ef73063ad563754eac2e
- SHA1
  
  55ae58cd1ae3fafcefae1db9260be189a9128960
- SHA256
  
  90486182025452ef6411fb51aec3f3ad46e0dac44b17fa84e5421adeeddbf833
- SHA512
  
  716f921adba6e6c90fc4cfe1d2acd2386ac62547a326f98f08c9b472b93b720cdc13ee697571e064b8bd333ccdbb17bea4e2c749c8146f714271021487e69d49
Score

1^/10
behavioral11 behavioral12
- Target
  
  MarsSamples/9699bee0ae268555ceb77a02522f568229233284c9eb698209c03b05b1304b10
- Size
  
  159KB
- MD5
  
  5f6e947137bf4b2a3191eb2910d913ba
- SHA1
  
  4f05ecab6fc7a01ad8b4e6ae87b34591fd8573a2
- SHA256
  
  9699bee0ae268555ceb77a02522f568229233284c9eb698209c03b05b1304b10
- SHA512
  
  f93b631555d4a61d2e06a0bd210cb7cab17aa7981617ea23363940f33406a46eba3609a8ff5df14ec44ab156781f7deead0e1630eac7311a7fe4df58276bb7e3
Score

10^/10

arkei default discovery spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata
- suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral13 behavioral14
- Target
  
  MarsSamples/97121634e7eda9ea36ad75a3094f55803b1bf2d76e5a048ec1baa32efeea3d9a
- Size
  
  159KB
- MD5
  
  7f891c856812bff5ce95758558c0f81c
- SHA1
  
  daca810dc62f62019beb7300d207118aeff72b4a
- SHA256
  
  97121634e7eda9ea36ad75a3094f55803b1bf2d76e5a048ec1baa32efeea3d9a
- SHA512
  
  743c00c56f44f10b5a67785d43e69af27d0f0508edbb21da739de7e5ed81ebe812209705304c5caab1ad83796d65eac0e7fe9282fd71f8a8d798ca064a7cbe53
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
behavioral15 behavioral16
- Target
  
  MarsSamples/97eaa5a789cfd6a823ac97af840d0df2b033a876addcb52aabea4ee65a37dbf6
- Size
  
  159KB
- MD5
  
  e6ccc89ec856f6adc6eb84e3bc00a08a
- SHA1
  
  ff1330dbac4312dfbe8e6293af267f08a4175827
- SHA256
  
  97eaa5a789cfd6a823ac97af840d0df2b033a876addcb52aabea4ee65a37dbf6
- SHA512
  
  0d8b88fd6e0227c9593aa4bddd980a122c1ddb5095618d3212931a8e96ca26e3e6c1ff7834f98de80b43c3518e0fdc3459a10098fbd8ad66b2d6f6c39732c2bc
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
behavioral17 behavioral18
- Target
  
  MarsSamples/a564b6f55800989a8be0754dafd3bacd266f6a01c46dfa84b39b9951cd589f03
- Size
  
  159KB
- MD5
  
  1c5b7fcaba1530721ffd56b2c06c8e78
- SHA1
  
  d81388f5f1900145ce798246a09f9c8c4873c3e4
- SHA256
  
  a564b6f55800989a8be0754dafd3bacd266f6a01c46dfa84b39b9951cd589f03
- SHA512
  
  c4d885a5822794eae06578bf67c7003f3c991fa7f7457fd6fd71a059f4357435139f9c4cbf845bda8e95285b3b91378bd56fdb142100e53300f11a45fa7a2474
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
behavioral19 behavioral20
- Target
  
  MarsSamples/a56fcfef8acfc51cdae41833d90e4b11b61aa151fddc5ecb31d197bcd2c27da5
- Size
  
  159KB
- MD5
  
  949fdececdb546d6a6fd04fa0c18a47d
- SHA1
  
  6bc571e10bb6df3831fb1f87c40772f4892a276d
- SHA256
  
  a56fcfef8acfc51cdae41833d90e4b11b61aa151fddc5ecb31d197bcd2c27da5
- SHA512
  
  772bdfe5ba5919a6abf37f078be4b91e71bb07de91a39ba871b531f6f97d74e0e6be4a78011999001c0a5f832dcdadf4839a87ccee22fbdeeac627059412d231
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
behavioral21 behavioral22
- Target
  
  MarsSamples/b09cc2593ffab58f1f4efe7819e5a8706e3e820e1b129f30f465866a26562a14
- Size
  
  159KB
- MD5
  
  0721b37ffaa0d68a674df29f056d67b0
- SHA1
  
  477e600248b8ccc044285115ead9d006b23199dd
- SHA256
  
  b09cc2593ffab58f1f4efe7819e5a8706e3e820e1b129f30f465866a26562a14
- SHA512
  
  b9afcc24a1a293bd2671739caf7cf8fcd99af320f7cf7d1e59e85dfd73ac876bb3f1227031c57cec6e440bef594537bd908f6f2ecef6556c04744f9de78ecc6e
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
behavioral23 behavioral24
- Target
  
  MarsSamples/b1b0be300d85d98bc103a1eae4993bbf848b339ec9240ca3799f5d1786d5bafe
- Size
  
  159KB
- MD5
  
  fb40d9b64e7e3459d4236a7a47adc31d
- SHA1
  
  d5969bae20f48f0421b01017e01ec38808ca4dc4
- SHA256
  
  b1b0be300d85d98bc103a1eae4993bbf848b339ec9240ca3799f5d1786d5bafe
- SHA512
  
  ff0a8d4bfe1c26bff86dfe9d1e8eb6f51b5e41101e6f82b94fbca8b13978607a86aa082c58d8cee716ef9fc2ae22fa1af9fc2aa1e76be0a4768e7b1c536dc32e
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
behavioral25 behavioral26
- Target
  
  MarsSamples/b318801ed5926156ce9440f49851b0cc0dd8e3178f1581b98257148bf2c223e7
- Size
  
  158KB
- MD5
  
  1b9e55ac0cce51fb690ee8d435207116
- SHA1
  
  3795450a965ae6601c3a0e16cd8f3d5b13147ea4
- SHA256
  
  b318801ed5926156ce9440f49851b0cc0dd8e3178f1581b98257148bf2c223e7
- SHA512
  
  2168b21de54cb02dd770d406c97fce4d87f6d8a14f39a57df0c7797880d225c401fec9a7f11396047a940ad36e4147f00bb9fe4b735d81a2cbde4abaab31aadb
Score

1^/10
behavioral27 behavioral28
- Target
  
  MarsSamples/b3ba3e17aea3cf91ad56fb400f47d8a20e3d442706e86b6844699f4bfcda9275
- Size
  
  160KB
- MD5
  
  d5d14a4a6ad98890d33decd28bc8ba23
- SHA1
  
  cdf8e78feb43a28cd77cd23bff19d6429e5f36f2
- SHA256
  
  b3ba3e17aea3cf91ad56fb400f47d8a20e3d442706e86b6844699f4bfcda9275
- SHA512
  
  63404ffd8413dfb1c7825fec7c54150218c54a31e2da0ab83354199c04cae11410902665c2815020102ce144b347ac627fc8b7c980dcc2cd6f4e637fd28dfcf8
Score

1^/10
behavioral29 behavioral30
- Target
  
  MarsSamples/baea9f80f8c646c5d267ee930f2fc4877066fbf1f8241436ef7be984c4de9500
- Size
  
  159KB
- MD5
  
  c380778a603c4d96a0e8c23dedf07924
- SHA1
  
  be011c42a54a9aff315ec68337585677a320afaa
- SHA256
  
  baea9f80f8c646c5d267ee930f2fc4877066fbf1f8241436ef7be984c4de9500
- SHA512
  
  b7ce13fc42b9ab27c1c5d44f3c5224a4e8a21c16293152ff9eb4df8af728bf6657ab3f6e73446a74a226460bb6aa53a49a7e1f4f64f218f22d906fa1440b6c73
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Generic gate .php GET with minimal headers

Reads user/profile data of web browsers

Arkei

Arkei

Arkei

suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4

suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil

Checks computer location settings

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Arkei

Arkei

Arkei

Arkei

Arkei

Arkei

Arkei

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32