arkei | e45414a2f8f7ca67e5438949f1ae1b6e0470007bcd8a55eb058cf87f6b078639 | Triage

Submit
Reports

Overview

overview

Static

static

cheat.exe

windows7-x64

cheat.exe

windows10-2004-x64

Sharing

General

Target

cheat.exe
Size

2.5MB
Sample

220719-pk572acaf8
MD5

09f2b519e22c52721d33d5c3c0ac1f5e
SHA1

b451e08f7d58118cf62c87f426dd95dda5aabd3e
SHA256

e45414a2f8f7ca67e5438949f1ae1b6e0470007bcd8a55eb058cf87f6b078639
SHA512

2cdf51fb04c5fae673d6d20cb3229e8c3fda932bf5a4ff167465d0d99407f1183792bb98dbf25d154d1fbc174a78e52da5bf38fae6fb82b6498fc2e50a6c1c5f

Score

10^/10

arkei default spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

cheat.exe

Resource

win7-20220718-en

arkei default spyware stealer suricata

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

cheat.exe

Resource

win10v2004-20220718-en

arkei default spyware stealer suricata

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

Targets

- Target
  
  cheat.exe
- Size
  
  2.5MB
- MD5
  
  09f2b519e22c52721d33d5c3c0ac1f5e
- SHA1
  
  b451e08f7d58118cf62c87f426dd95dda5aabd3e
- SHA256
  
  e45414a2f8f7ca67e5438949f1ae1b6e0470007bcd8a55eb058cf87f6b078639
- SHA512
  
  2cdf51fb04c5fae673d6d20cb3229e8c3fda932bf5a4ff167465d0d99407f1183792bb98dbf25d154d1fbc174a78e52da5bf38fae6fb82b6498fc2e50a6c1c5f
Score

10^/10

arkei default spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata
- suricata: ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)
  suricata: ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)
  suricata
- suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  suricata
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeidefaultspywarestealersuricata

behavioral2

arkeidefaultspywarestealersuricata

© 2018-2024

Terms | Privacy