Overview

overview

10

Static

static

3702b5512d...39.exe

windows7_x64

10

3702b5512d...39.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    116s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28-05-2022 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3702b5512d3d37bce8f288b800d11743b6f3a280df0d40aa57cd5080dffb1839.exe

  • Size

    305KB

  • MD5

    9242422a8bb443b9997a7606311a65a9

  • SHA1

    a06cba7a08bd4c14e4e9655fedd584c9f2bd6093

  • SHA256

    3702b5512d3d37bce8f288b800d11743b6f3a280df0d40aa57cd5080dffb1839

  • SHA512

    c086ae7cf2b1b39a00106dd7bec75e283cc0d7f054d7893251109981381a9e7a08eb9e891b90bd16c50c56af6141d6bf7fc82fd38ab312491f8a835aa372df24

Score
10/10
arkeidafaultstealer

Malware Config

Extracted

Family

arkei

Botnet

Dafault

C2

http://saskatche.link/gate1.php

Signatures

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3702b5512d3d37bce8f288b800d11743b6f3a280df0d40aa57cd5080dffb1839.exe
    "C:\Users\Admin\AppData\Local\Temp\3702b5512d3d37bce8f288b800d11743b6f3a280df0d40aa57cd5080dffb1839.exe"
    1⤵
      PID:832
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 556
        2⤵
        • Program crash
        PID:3560
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 832 -ip 832
      1⤵
        PID:3064

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/832-130-0x0000000002DD0000-0x0000000002DE3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/832-131-0x0000000004990000-0x00000000049AF000-memory.dmp

        Filesize

        124KB

        Download

      • memory/832-132-0x0000000000400000-0x0000000002C31000-memory.dmp

        Filesize

        40.2MB

        Download

      • memory/832-133-0x0000000000400000-0x0000000002C31000-memory.dmp

        Filesize

        40.2MB

        Download

      • memory/832-134-0x0000000000400000-0x0000000002C31000-memory.dmp

        Filesize

        40.2MB

        Download