arkei | 3f0841eff18ab98e2614071d89619c1fb84e653cb1c524384801bdf00d7e9d42 | Triage

Sharing

General

Target

f3b2c0e21faa2d771b315cfda97a4c32
Size

2.5MB
Sample

220603-ap8rdsgcak
MD5

f3b2c0e21faa2d771b315cfda97a4c32
SHA1

806b920c7c0299ffa9fbe4c94825d0313381927f
SHA256

3f0841eff18ab98e2614071d89619c1fb84e653cb1c524384801bdf00d7e9d42
SHA512

6c0503c9523027ebc2c4363e2d3aef39c513316aaf69bdf5f660112a1f3f1371ca20d5f8f134485ee573076084592ace1bc5e1056c8d645e010bb6b2267b19b2

Score

10^/10

arkei default stealer

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://jsdkca.link/518855.php

Targets

- Target
  
  f3b2c0e21faa2d771b315cfda97a4c32
- Size
  
  2.5MB
- MD5
  
  f3b2c0e21faa2d771b315cfda97a4c32
- SHA1
  
  806b920c7c0299ffa9fbe4c94825d0313381927f
- SHA256
  
  3f0841eff18ab98e2614071d89619c1fb84e653cb1c524384801bdf00d7e9d42
- SHA512
  
  6c0503c9523027ebc2c4363e2d3aef39c513316aaf69bdf5f660112a1f3f1371ca20d5f8f134485ee573076084592ace1bc5e1056c8d645e010bb6b2267b19b2
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arkeidefaultstealer

behavioral2