Overview

overview

10

Static

static

04584608ef...e2.exe

windows7_x64

10

04584608ef...e2.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    190s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28-05-2022 01:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2.exe

  • Size

    279KB

  • MD5

    4fd121e01b83bf7710685da75853564a

  • SHA1

    83b3a576b0fb8b5bdc0ba03d07ecb06d5c5bcdc0

  • SHA256

    04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2

  • SHA512

    835b3f714e9599703d789aa4c51d6cf814034b7581be5ba6873efcddd232ab94cb2499abde576fa85c00b96477a9e88395617db21dc802a03c4a9c484273849a

Score
10/10
arkeidafaultstealer

Malware Config

Extracted

Family

arkei

Botnet

Dafault

C2

http://googr.link/gate1.php

Signatures

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2.exe
    "C:\Users\Admin\AppData\Local\Temp\04584608efe95878a3a9bb3db4173fc4570475a281e1de046b043ab43f364ae2.exe"
    1⤵
      PID:4732
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 560
        2⤵
        • Program crash
        PID:4372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4732 -ip 4732
      1⤵
        PID:3444

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4732-130-0x000000000052E000-0x0000000000541000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4732-131-0x00000000021A0000-0x00000000021BF000-memory.dmp

        Filesize

        124KB

        Download

      • memory/4732-132-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/4732-133-0x000000000052E000-0x0000000000541000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4732-134-0x00000000021A0000-0x00000000021BF000-memory.dmp

        Filesize

        124KB

        Download

      • memory/4732-135-0x000000000052E000-0x0000000000541000-memory.dmp

        Filesize

        76KB

        Download

      • memory/4732-136-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download