arkei | f851ddeee624abef2d0312ae780d5c303303b9119afd01dc81c80aa59d97f9c6 | Triage

Analysis

max time kernel
137s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
28-05-2022 02:43

Sharing

Report Analysis Logs

General

Target

7510de1e9d09ce8de6bcd0bd4cbb7f50306b3f04353559a8e338a561be8005f2.exe
Size

312KB
MD5

d6ed2c89b2c6fe821da17fd5b9a0fbff
SHA1

08c2bb522f901d95b08a77f488af38f1b2d71603
SHA256

7510de1e9d09ce8de6bcd0bd4cbb7f50306b3f04353559a8e338a561be8005f2
SHA512

6bf632484fc8f31606c9539129cb4996450a46212877a2e958c19f2cb0da14bc94c63ceeb4fcf43a0af2185a7e0ef810f9202a8fdf2d5b4c6424db7a1025b507

Score

10^/10

arkei default stealer

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://wooe.link/548152.php

Signatures

Arkei
Arkei is an infostealer written in C++.
stealer arkei
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2372 2588 WerFault.exe 7510de1e9d09ce8de6bcd0bd4cbb7f50306b3f04353559a8e338a561be8005f2.exe

C:\Users\Admin\AppData\Local\Temp\7510de1e9d09ce8de6bcd0bd4cbb7f50306b3f04353559a8e338a561be8005f2.exe
"C:\Users\Admin\AppData\Local\Temp\7510de1e9d09ce8de6bcd0bd4cbb7f50306b3f04353559a8e338a561be8005f2.exe"
1⤵
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 556
2⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2588 -ip 2588
1⤵
PID:3248

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2588-130-0x0000000001A60000-0x0000000001A73000-memory.dmp

Filesize
76KB

Download
memory/2588-131-0x0000000001A90000-0x0000000001AAF000-memory.dmp

Filesize
124KB

Download
memory/2588-132-0x0000000000400000-0x000000000191E000-memory.dmp

Filesize
21.1MB

Download
memory/2588-133-0x0000000000400000-0x000000000191E000-memory.dmp

Filesize
21.1MB

Download