arkei | 6f943d65dcd851c0f5209915f9da7937b474fe40cb3da03579916ebb4f192e5d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

6f943d65dcd851c0f5209915f9da7937b474fe40cb3da03579916ebb4f192e5d
Size

159KB
Sample

220615-vledlabdg4
MD5

e109ffd6170183fc6e8ab7fcbf07d9f6
SHA1

6727234317ee5318ef83fbef4b0cf2510e262405
SHA256

6f943d65dcd851c0f5209915f9da7937b474fe40cb3da03579916ebb4f192e5d
SHA512

138ca2a6c3b1e67b9d6e849e66850fa3b187e89c780156582446fa602b615e684585157d524283010115e4c748d58985c2c1252e0db623513ba098ba116c3c6c

Score

10^/10

arkei default discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

6f943d65dcd851c0f5209915f9da7937b474fe40cb3da03579916ebb4f192e5d.exe

Resource

win10v2004-20220414-en

arkei default discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

Targets

- Target
  
  6f943d65dcd851c0f5209915f9da7937b474fe40cb3da03579916ebb4f192e5d
- Size
  
  159KB
- MD5
  
  e109ffd6170183fc6e8ab7fcbf07d9f6
- SHA1
  
  6727234317ee5318ef83fbef4b0cf2510e262405
- SHA256
  
  6f943d65dcd851c0f5209915f9da7937b474fe40cb3da03579916ebb4f192e5d
- SHA512
  
  138ca2a6c3b1e67b9d6e849e66850fa3b187e89c780156582446fa602b615e684585157d524283010115e4c748d58985c2c1252e0db623513ba098ba116c3c6c
Score

10^/10

arkei default discovery spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata
- suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
  suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
  suricata
- suricata: ET MALWARE Generic gate .php GET with minimal headers
  suricata: ET MALWARE Generic gate .php GET with minimal headers
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- suricata: ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)
  suricata: ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)
  suricata
- suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoveryspywarestealersuricata

© 2018-2025

Terms | Privacy