arkei | d080f227320c4939dd03587024c17583d8fe7b589e45502f8ee905ecb33d626a | Triage

Submit
Reports

Overview

overview

Static

static

boomclnr.exe

windows7_x64

boomclnr.exe

windows10-2004_x64

Sharing

General

Target

boomclnr.exe
Size

338KB
Sample

220626-f2xgsaaeb7
MD5

7eb3288cf5a21f9e579741af49ce65aa
SHA1

15ee11f73dd90eb20e5dcca2ad8fac94f93a91c1
SHA256

d080f227320c4939dd03587024c17583d8fe7b589e45502f8ee905ecb33d626a
SHA512

e733a472ed1c2d3e848fc12eaab52a877a4e81382bba85674d061b0e34060186377e5399b9d67596fca1fe0813d1c960a851702abbac015955bc18df7cc5012a

Score

10^/10

arkei default discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

boomclnr.exe

Resource

win7-20220414-en

arkei default discovery spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

boomclnr.exe

Resource

win10v2004-20220414-en

arkei default stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

Targets

- Target
  
  boomclnr.exe
- Size
  
  338KB
- MD5
  
  7eb3288cf5a21f9e579741af49ce65aa
- SHA1
  
  15ee11f73dd90eb20e5dcca2ad8fac94f93a91c1
- SHA256
  
  d080f227320c4939dd03587024c17583d8fe7b589e45502f8ee905ecb33d626a
- SHA512
  
  e733a472ed1c2d3e848fc12eaab52a877a4e81382bba85674d061b0e34060186377e5399b9d67596fca1fe0813d1c960a851702abbac015955bc18df7cc5012a
Score

10^/10

arkei default discovery spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)
  suricata: ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)
  suricata
- suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoveryspywarestealersuricata

behavioral2

arkeidefaultstealer

© 2018-2024

Terms | Privacy