arkei | 5a67a83b9a2c7fe60a27aad00292c99cb615d4f3d4bee467d084449f9d2ea976 | Triage

Sharing

General

Target

919d2103a46f8c249444a2526f5b714c_JaffaCakes118
Size

1.3MB
Sample

240813-e4akcsyhmr
MD5

919d2103a46f8c249444a2526f5b714c
SHA1

f9795556bfceb8ab03ecf99d944adc5e5e11c781
SHA256

5a67a83b9a2c7fe60a27aad00292c99cb615d4f3d4bee467d084449f9d2ea976
SHA512

09195255509e95969257ae4eaefa1234aa6a09690015469d48c82326d45a1134b5b40387f917b61f886b7e0f86095f06d665473644a87cf19be2dac921f028af
SSDEEP

12288:Kle/iOzALdgQq0gVY/epKOM6YHGeZ07I/nh/XgCL4XKPXPiXuHNH/b6bH/zx/S3w:KleaOzALdx/cKObpeZ07q3m/u7vY

Score

10^/10

arkei default discovery stealer

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

185.215.113.75/NeJDVHw9yu.php

Targets

- Target
  
  919d2103a46f8c249444a2526f5b714c_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  919d2103a46f8c249444a2526f5b714c
- SHA1
  
  f9795556bfceb8ab03ecf99d944adc5e5e11c781
- SHA256
  
  5a67a83b9a2c7fe60a27aad00292c99cb615d4f3d4bee467d084449f9d2ea976
- SHA512
  
  09195255509e95969257ae4eaefa1234aa6a09690015469d48c82326d45a1134b5b40387f917b61f886b7e0f86095f06d665473644a87cf19be2dac921f028af
- SSDEEP
  
  12288:Kle/iOzALdgQq0gVY/epKOM6YHGeZ07I/nh/XgCL4XKPXPiXuHNH/b6bH/zx/S3w:KleaOzALdx/cKObpeZ07q3m/u7vY
Score

10^/10

arkei default discovery stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arkeidefaultdiscoverystealer

behavioral2

arkeidefaultdiscoverystealer