General

  • Target

    220310-pbzznaegb9_pw_infected.zip.zip

  • Size

    921KB

  • Sample

    230223-cjr8kagc7y

  • MD5

    b916157d0d8b1416b6bbbd8e7736c283

  • SHA1

    a8eccd6a4bca9f0e013569ccf499f1bafd1cf4a6

  • SHA256

    119c638ebfa6bfa3e479b9c605697878150dd88bf48e741ca06e0c21a5dc64b5

  • SHA512

    2bd5584a0679a4c4ec84e366336112e3bece1a7c2ba7f22b8586caf4412077771995c00facf3de448078fc5a5a815da96d7ce1c978e023bda38db4d70fab4199

  • SSDEEP

    12288:Jhb/RxXxseeUgdJQmP8rU9vdjq6AlB3nhy3lhDawX+wojrdp5xFVXlqdfpA4OQp9:JhbJJxshdKmPFvdG33h2a7ZUOQjn

Score
10/10

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

tommytshop.com/KNOuG8qeID.php

Targets

    • Target

      YjreQbD

    • Size

      990KB

    • MD5

      f0ee6ef61625a24692eb732cbae38181

    • SHA1

      b0b3947af97884acb97f5bd7adec93174909723c

    • SHA256

      9ed18a0b5e15bd4ecb73c5428e208b5d1b162274cfb0d6c62f7b5c3a04ec4d56

    • SHA512

      f55a977927704fd37e280b3209e2c2512b6f46716a0d85622940b9eb158a0587eb45ec4f4575df97b69a68ee0730fc9a8ebf5a78e5832eceb33758732f707434

    • SSDEEP

      24576:z7WQaGJy0sHg3fyKXLrlX1vFO88UbPdZYLP:WuJ3sA5MoBZ2

    Score
    10/10

    • Arkei

      Arkei is an infostealer written in C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

  • Process Discovery (T1057): 1

Tasks