arkei | 884b3ccd012883b6d74cb4482bd553407c5b53b741d84ce6d87850254f74298f | Triage

Submit
Reports

Overview

overview

Static

static

AtomicWall...up.bat

windows7-x64

8

AtomicWall...up.bat

windows10-2004-x64

Sharing

General

Target

AtomicWallet-Setup.bat
Size

22KB
Sample

220802-3yn3kadab4
MD5

17204bcbc62deab8d5253c0b4d7e87e9
SHA1

c9766e880155869ac3eaad22382db9ec06a92be3
SHA256

884b3ccd012883b6d74cb4482bd553407c5b53b741d84ce6d87850254f74298f
SHA512

e1f58413373a095c1bc3d6eb4e007bb715d26f583c193f3762903cba63fc856e9daec1e3a81474ab8aab487f3ac1e6eba1db1f242e42d33abbedbd61ff3169d6

Score

10^/10

arkei default discovery evasion spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

AtomicWallet-Setup.bat

Resource

win7-20220718-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

AtomicWallet-Setup.bat

Resource

win10v2004-20220721-en

arkei default discovery evasion spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

Targets

- Target
  
  AtomicWallet-Setup.bat
- Size
  
  22KB
- MD5
  
  17204bcbc62deab8d5253c0b4d7e87e9
- SHA1
  
  c9766e880155869ac3eaad22382db9ec06a92be3
- SHA256
  
  884b3ccd012883b6d74cb4482bd553407c5b53b741d84ce6d87850254f74298f
- SHA512
  
  e1f58413373a095c1bc3d6eb4e007bb715d26f583c193f3762903cba63fc856e9daec1e3a81474ab8aab487f3ac1e6eba1db1f242e42d33abbedbd61ff3169d6
Score

10^/10

evasion arkei default discovery spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

arkeidefaultdiscoveryevasionspywarestealer

© 2018-2025

Terms | Privacy