arkei | 75c6768b31d4102a990350bd2edf55dc5616217bd26cfb3d8b0395c59cdfa1b5 | Triage

Submit
Reports

Overview

overview

Static

static

Anwuqahped...cy.exe

windows7_x64

Anwuqahped...cy.exe

windows10-2004_x64

Sharing

General

Target

Anwuqahpedbnnlsgekmacy.bin.zip
Size

568KB
Sample

220707-fcfsqsfdb9
MD5

c1063f2c482b8d51c2adc6724ba7291b
SHA1

4f1a23bf912e95989e56f766a7650552886694d7
SHA256

75c6768b31d4102a990350bd2edf55dc5616217bd26cfb3d8b0395c59cdfa1b5
SHA512

b2a2ae8c6f41feca8e992e2a4b3dad437fece0daa97a549bd422148ca5a42288e5a0de5311d47956c204c161288ecd0db971a0cae4274c8b1df380507174d2b0

Score

10^/10

arkei default spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

Anwuqahpedbnnlsgekmacy.exe

Resource

win7-20220414-en

arkei default spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Anwuqahpedbnnlsgekmacy.exe

Resource

win10v2004-20220414-en

arkei default stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

Targets

- Target
  
  Anwuqahpedbnnlsgekmacy.bin
- Size
  
  576KB
- MD5
  
  6033fc2cf6e73f5ca5cf76206d4f2232
- SHA1
  
  a01fae21dfd9319f332c3cb717f8a8467514e8ce
- SHA256
  
  eaa5fb40a306c308eead3848fe6b4c16c7b271ddc63a89cc876b54248f8b1d08
- SHA512
  
  795df2b76dd23c09e5e90d1b5f2f4b88d1be8b44eb072001fb1bdfca210a6106a38cdafdc4df4e429f7acbbf5c8be3fe093e906280571acbf4458c9c6563233a
Score

10^/10

arkei default spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata
- suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultspywarestealersuricata

behavioral2

arkeidefaultstealersuricata

© 2018-2024

Terms | Privacy