arkei | b34170c638c226b607143d245b15d215fb9ba7bcf05db48967b158841509e250 | Triage

Sharing

General

Target

7a6beb3d6b5da7f3c02504f7bac4699b
Size

417KB
Sample

240127-q611waded3
MD5

7a6beb3d6b5da7f3c02504f7bac4699b
SHA1

0a0b99ca58be23b6f7fb12bf00e648206a5ebb76
SHA256

b34170c638c226b607143d245b15d215fb9ba7bcf05db48967b158841509e250
SHA512

8940b62eca262aff977823fe566542f348d4d2a96c71966677b49ab2bd9a71e32d0e2eea3085df4f9473a9c80c58ff3c3e5aeea2cb57c5403c9cb7f16050a575
SSDEEP

6144:QDXIE3wQQBHndOMlhWmm6zcd6HyflDZDk7K4Ps/dq9fbwwhkiKXmO4E5OLyGhK8W:QTYn1PBmD7Lo7KIslSfMvj94jLNS

Score

10^/10

arkei evasion stealer trojan

Malware Config

Extracted

Family

arkei

C2

5.183.8.234/IRfCMp83ZJ.php

Targets

- Target
  
  7a6beb3d6b5da7f3c02504f7bac4699b
- Size
  
  417KB
- MD5
  
  7a6beb3d6b5da7f3c02504f7bac4699b
- SHA1
  
  0a0b99ca58be23b6f7fb12bf00e648206a5ebb76
- SHA256
  
  b34170c638c226b607143d245b15d215fb9ba7bcf05db48967b158841509e250
- SHA512
  
  8940b62eca262aff977823fe566542f348d4d2a96c71966677b49ab2bd9a71e32d0e2eea3085df4f9473a9c80c58ff3c3e5aeea2cb57c5403c9cb7f16050a575
- SSDEEP
  
  6144:QDXIE3wQQBHndOMlhWmm6zcd6HyflDZDk7K4Ps/dq9fbwwhkiKXmO4E5OLyGhK8W:QTYn1PBmD7Lo7KIslSfMvj94jLNS
Score

10^/10

arkei evasion stealer trojan
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Turns off Windows Defender SpyNet reporting
  evasion
- Windows security bypass
  evasion trojan
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

arkeievasionstealertrojan

behavioral2

arkeievasionstealertrojan