arkei | 2abbcd5d385b7cdc83501108ff4da444c6f8f46d25fe50bdf399c04349ffd879 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2024 02:14

Sharing

Report Analysis Logs

General

Target

da6d203790f157245382aeb9e10a84d6.exe
Size

184KB
MD5

da6d203790f157245382aeb9e10a84d6
SHA1

6961814ac12ed647a2c3c244a9395aef5d6a66cf
SHA256

2abbcd5d385b7cdc83501108ff4da444c6f8f46d25fe50bdf399c04349ffd879
SHA512

694724c56d0331cfd3eb5b618541eec500948fe0ee6b7ae839cc36d7570854f371c26d93b7672521ee1ee6194bfce7beb0418a098b1cc0b4bd4657d84bc6de2d
SSDEEP

3072:tONLhEWJeezIRiQ38iBNoYXRbhTZ503KT0yB3N:t+EWxzE9sW7nT3v

Score

10^/10

arkei stealer

Malware Config

Extracted

Family

arkei

C2

141.95.23.6/kESK2FZqwB.php

Signatures

Arkei
Arkei is an infostealer written in C++.
stealer arkei
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4040 2532 WerFault.exe da6d203790f157245382aeb9e10a84d6.exe

C:\Users\Admin\AppData\Local\Temp\da6d203790f157245382aeb9e10a84d6.exe
"C:\Users\Admin\AppData\Local\Temp\da6d203790f157245382aeb9e10a84d6.exe"
1⤵
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 556
2⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2532 -ip 2532
1⤵
PID:456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2532-1-0x0000000002CD0000-0x0000000002DD0000-memory.dmp

Filesize
1024KB

Download
memory/2532-2-0x0000000004A20000-0x0000000004A39000-memory.dmp

Filesize
100KB

Download
memory/2532-3-0x0000000000400000-0x0000000002CBC000-memory.dmp

Filesize
40.7MB

Download
memory/2532-5-0x0000000000400000-0x0000000002CBC000-memory.dmp

Filesize
40.7MB

Download