arkei

General

Target

05c1db899e9fa8d5680ae0d7b235b1d9f0c8d70622dacca16dab257a18662137
Size

65KB
Sample

220527-vc31ladda5
MD5

eb15e7dcfca71d24302f712f93df60ad
SHA1

48515c1ec1feaf5c6d8cee57144b4c4ef32c8e8d
SHA256

05c1db899e9fa8d5680ae0d7b235b1d9f0c8d70622dacca16dab257a18662137
SHA512

2da3d0b0540ea50e043b83da91044da49822ef0dad416b29195ad221fd236b98a1195253eac61112c2a69dcfe2e00059ca0e6655713d02eaff5989c76f32dda1

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://nicoslag.ru/asdfg.exe

exe.dropper

http://nicoslag.ru/asdfg.exe

Extracted

Family

arkei

Botnet

Default

Targets

- Target
  
  05c1db899e9fa8d5680ae0d7b235b1d9f0c8d70622dacca16dab257a18662137
- Size
  
  65KB
- MD5
  
  eb15e7dcfca71d24302f712f93df60ad
- SHA1
  
  48515c1ec1feaf5c6d8cee57144b4c4ef32c8e8d
- SHA256
  
  05c1db899e9fa8d5680ae0d7b235b1d9f0c8d70622dacca16dab257a18662137
- SHA512
  
  2da3d0b0540ea50e043b83da91044da49822ef0dad416b29195ad221fd236b98a1195253eac61112c2a69dcfe2e00059ca0e6655713d02eaff5989c76f32dda1
Score

10^/10

arkei default stealer suricata upx
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2