arkei | 386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2 | Triage

Sharing

General

Target

3c0ff1476f4da58cc85553ab15fa03cc
Size

100KB
Sample

240101-gnpepafde6
MD5

3c0ff1476f4da58cc85553ab15fa03cc
SHA1

b74fc29e44fd167f17f8e75f74bbc8fe1cf35d0e
SHA256

386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2
SHA512

ee9542916a4411dd035618c71c5407f249d2e02dbe2b979b9cfd69960bd41402d0f9edf9af61a50b4ecd75eeb3da8d896654a70fa46426690ca8926e0697061f
SSDEEP

1536:TGnHF3PKBF8cRjz1HR9HlKGDnIiRlgrquiZ7HxGIo3/e7pKGPXlagvH0Lraw3Rpl:TGnHF3P8u4VpDL/laSUjGU6xr9r0

Score

10^/10

arkei installs#1 stealer

Malware Config

Extracted

Family

arkei

Botnet

installs#1

C2

91.245.225.43/NES9pWl5eL.php

Targets

- Target
  
  3c0ff1476f4da58cc85553ab15fa03cc
- Size
  
  100KB
- MD5
  
  3c0ff1476f4da58cc85553ab15fa03cc
- SHA1
  
  b74fc29e44fd167f17f8e75f74bbc8fe1cf35d0e
- SHA256
  
  386cb4a88b5c465c29db7093db94fe6b8e30bb41c2d994569b1fc05d9b1b82d2
- SHA512
  
  ee9542916a4411dd035618c71c5407f249d2e02dbe2b979b9cfd69960bd41402d0f9edf9af61a50b4ecd75eeb3da8d896654a70fa46426690ca8926e0697061f
- SSDEEP
  
  1536:TGnHF3PKBF8cRjz1HR9HlKGDnIiRlgrquiZ7HxGIo3/e7pKGPXlagvH0Lraw3Rpl:TGnHF3P8u4VpDL/laSUjGU6xr9r0
Score

10^/10

arkei stealer installs#1
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

arkeiinstalls#1stealer