arkei | ba57961b45dd5c9e72197ce0c81b3ecb1dc4b51295790fa0b73822291217bede | Triage

Submit
Reports

Overview

overview

Static

static

3

E39ACBAEA4...A9.exe

windows7-x64

E39ACBAEA4...A9.exe

windows10-2004-x64

Sharing

General

Target

E39ACBAEA47D5592A42E21A71316CA040F0D262384F158F2FA5A07AE004EEBA9.exe
Size

288KB
Sample

240724-2bdgwa1ark
MD5

cf7cb7a8070ac0ef36c77a03b5633cd0
SHA1

b4dd503ca58eb28a68e211ed625e190242a89d6c
SHA256

ba57961b45dd5c9e72197ce0c81b3ecb1dc4b51295790fa0b73822291217bede
SHA512

8f3ae92fe3439df011f63e3e1fbd4c5588fca15854a8f00b3f7c35d3de6851a6bd1fa7f6f4872cffaee1edc853d621211576e753a3c75e1369e5640a30b2ae5c
SSDEEP

3072:Tgaq4w5DZjczpico2kC1covqOHjYEb12JjkPBc5bzIEi2l6GCH:XP+jPcrkC1coSOVbIJjAYJtp

Score

10^/10

arkei default aspackv2 discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

E39ACBAEA47D5592A42E21A71316CA040F0D262384F158F2FA5A07AE004EEBA9.exe

Resource

win7-20240708-en

arkei default aspackv2 discovery stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

E39ACBAEA47D5592A42E21A71316CA040F0D262384F158F2FA5A07AE004EEBA9.exe

Resource

win10v2004-20240704-en

arkei default aspackv2 discovery stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

coin-file-file-19.com/tratata.php

Targets

- Target
  
  E39ACBAEA47D5592A42E21A71316CA040F0D262384F158F2FA5A07AE004EEBA9.exe
- Size
  
  288KB
- MD5
  
  cf7cb7a8070ac0ef36c77a03b5633cd0
- SHA1
  
  b4dd503ca58eb28a68e211ed625e190242a89d6c
- SHA256
  
  ba57961b45dd5c9e72197ce0c81b3ecb1dc4b51295790fa0b73822291217bede
- SHA512
  
  8f3ae92fe3439df011f63e3e1fbd4c5588fca15854a8f00b3f7c35d3de6851a6bd1fa7f6f4872cffaee1edc853d621211576e753a3c75e1369e5640a30b2ae5c
- SSDEEP
  
  3072:Tgaq4w5DZjczpico2kC1covqOHjYEb12JjkPBc5bzIEi2l6GCH:XP+jPcrkC1coSOVbIJjAYJtp
Score

10^/10

arkei default aspackv2 discovery stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

arkeidefaultaspackv2discoverystealer

behavioral2

arkeidefaultaspackv2discoverystealer

© 2018-2024

Terms | Privacy