arkei | 960a8b99ffcc13827dbf38256c81cf5b8a37e4308b526713445080d2b096fbc0 | Triage

Sharing

General

Target

3c3156de49276bfcb908126759ea0f7e
Size

1.1MB
Sample

240101-ht7nwsdegp
MD5

3c3156de49276bfcb908126759ea0f7e
SHA1

3b580fa227336f11512e592c99040db279352e92
SHA256

960a8b99ffcc13827dbf38256c81cf5b8a37e4308b526713445080d2b096fbc0
SHA512

429ea2f4bd883144f730223e97085ab2dd646155efb668e446f836337937b9af1c2532ba4b04ce43040b9fbf2f4fe1c68c28fdc4c0b9ba300a396fed79e497b1
SSDEEP

24576:3Ia4wNu3SaZYo+51mnW0Lj7oBj3bqoWVomcqBoG:351uCr10j7oBj3mLVlcqBo

Score

10^/10

arkei spyware stealer

Malware Config

Extracted

Family

arkei

C2

185.241.52.252/qRdXmPWvrh.php

Targets

- Target
  
  3c3156de49276bfcb908126759ea0f7e
- Size
  
  1.1MB
- MD5
  
  3c3156de49276bfcb908126759ea0f7e
- SHA1
  
  3b580fa227336f11512e592c99040db279352e92
- SHA256
  
  960a8b99ffcc13827dbf38256c81cf5b8a37e4308b526713445080d2b096fbc0
- SHA512
  
  429ea2f4bd883144f730223e97085ab2dd646155efb668e446f836337937b9af1c2532ba4b04ce43040b9fbf2f4fe1c68c28fdc4c0b9ba300a396fed79e497b1
- SSDEEP
  
  24576:3Ia4wNu3SaZYo+51mnW0Lj7oBj3bqoWVomcqBoG:351uCr10j7oBj3mLVlcqBo
Score

10^/10

arkei spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

arkeispywarestealer

behavioral2

arkeispywarestealer