arkei | 119c638ebfa6bfa3e479b9c605697878150dd88bf48e741ca06e0c21a5dc64b5 | Triage

Sharing

General

Target

220310-pbzznaegb9_pw_infected.zip.zip
Size

921KB
Sample

230223-cjr8kagc7y
MD5

b916157d0d8b1416b6bbbd8e7736c283
SHA1

a8eccd6a4bca9f0e013569ccf499f1bafd1cf4a6
SHA256

119c638ebfa6bfa3e479b9c605697878150dd88bf48e741ca06e0c21a5dc64b5
SHA512

2bd5584a0679a4c4ec84e366336112e3bece1a7c2ba7f22b8586caf4412077771995c00facf3de448078fc5a5a815da96d7ce1c978e023bda38db4d70fab4199
SSDEEP

12288:Jhb/RxXxseeUgdJQmP8rU9vdjq6AlB3nhy3lhDawX+wojrdp5xFVXlqdfpA4OQp9:JhbJJxshdKmPFvdG33h2a7ZUOQjn

Score

10^/10

arkei default stealer

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

tommytshop.com/KNOuG8qeID.php

Targets

- Target
  
  YjreQbD
- Size
  
  990KB
- MD5
  
  f0ee6ef61625a24692eb732cbae38181
- SHA1
  
  b0b3947af97884acb97f5bd7adec93174909723c
- SHA256
  
  9ed18a0b5e15bd4ecb73c5428e208b5d1b162274cfb0d6c62f7b5c3a04ec4d56
- SHA512
  
  f55a977927704fd37e280b3209e2c2512b6f46716a0d85622940b9eb158a0587eb45ec4f4575df97b69a68ee0730fc9a8ebf5a78e5832eceb33758732f707434
- SSDEEP
  
  24576:z7WQaGJy0sHg3fyKXLrlX1vFO88UbPdZYLP:WuJ3sA5MoBZ2
Score

10^/10

arkei default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

arkeidefaultstealer