arkei | 8c3ba6d3a6f3968bbcae8a8ae035d0b1ab8425ca4797900f43d996a2c1839432 | Triage

Submit
Reports

Overview

overview

Static

static

8c3ba6d3a6...32.exe

windows7-x64

3

8c3ba6d3a6...32.exe

windows10-2004-x64

Sharing

General

Target

8c3ba6d3a6f3968bbcae8a8ae035d0b1ab8425ca4797900f43d996a2c1839432
Size

12KB
Sample

220723-a83pgsahg5
MD5

daeed15b76005f0165fbd4781e47b2f6
SHA1

148fd184577272f94f1f54e27805d795524c1f85
SHA256

8c3ba6d3a6f3968bbcae8a8ae035d0b1ab8425ca4797900f43d996a2c1839432
SHA512

ef0e5bfc7447e0c878eca60724c63682ac8479de431097db5ca96d4ed7fd8e26657160038431530111cadc843ba7b50638baeca76d130e29a7a829b21c75d1cd

Score

10^/10

arkei default spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

8c3ba6d3a6f3968bbcae8a8ae035d0b1ab8425ca4797900f43d996a2c1839432.exe

Resource

win7-20220718-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

8c3ba6d3a6f3968bbcae8a8ae035d0b1ab8425ca4797900f43d996a2c1839432.exe

Resource

win10v2004-20220721-en

arkei default spyware stealer suricata

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

Targets

- Target
  
  8c3ba6d3a6f3968bbcae8a8ae035d0b1ab8425ca4797900f43d996a2c1839432
- Size
  
  12KB
- MD5
  
  daeed15b76005f0165fbd4781e47b2f6
- SHA1
  
  148fd184577272f94f1f54e27805d795524c1f85
- SHA256
  
  8c3ba6d3a6f3968bbcae8a8ae035d0b1ab8425ca4797900f43d996a2c1839432
- SHA512
  
  ef0e5bfc7447e0c878eca60724c63682ac8479de431097db5ca96d4ed7fd8e26657160038431530111cadc843ba7b50638baeca76d130e29a7a829b21c75d1cd
Score

10^/10

arkei default spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4
  suricata
- suricata: ET MALWARE Generic gate .php GET with minimal headers
  suricata: ET MALWARE Generic gate .php GET with minimal headers
  suricata
- suricata: ET MALWARE Possible Windows executable sent when remote host claims to send html content
  suricata: ET MALWARE Possible Windows executable sent when remote host claims to send html content
  suricata
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

arkeidefaultspywarestealersuricata

© 2018-2024

Terms | Privacy