Rewterz Threat Alert – ArkeiStealer – Active IOCs

Severity

High

Analysis Summary

Arkei Stealer is a type of malware that is used to steal sensitive information from infected computers. It is typically spread through phishing emails or through infected software or attachments. Once a computer is infected, Arkei Stealer can collect a variety of information, such as login credentials, credit card numbers, and other personal information. It may also be able to take screenshots, record keystrokes, and steal files from the infected computer. The stolen information is then typically sent to the attackers, who can use it for fraudulent activities such as identity theft. It is considered a highly dangerous type of malware, as it is able to steal sensitive information and can be difficult to detect and remove. It’s recommended to always keep your system and software up-to-date, use an anti-malware program and be cautious of suspicious emails and links to avoid getting infected by this or any other malware.

Impact

• Data Exfiltration
• Credential Theft
• Information Theft
• Financial Loss

Indicators of Compromise

MD5

• ffb737afdafc001d1cde6b2ea73e7766
• 8abfaae409bf39fee50815623157e2d1
• d2bb692ee404e793cfcb774e8c878d05
• b78f6a52585c44e913f1f36b24e2fc55
• f9c2e5090004f7443c29151429788a78
• 1751d7594be6ea432904805587fb23a8
• 3dbc3817050496871431db302ecb4ffc
• a39016d6379dbe90cc7e38dd22c0bd75
• fab26682ba1a848484d1b6ebda73106d

SHA-256

• 6e47a310f6e5d8032f5a6beb227009be5bfa3c878b2642b6f6bf975c6adfda8a
• b9246a7cb0efe77225d19ff1dc0c982a6649c9b96ab63446c80542f146929a1b
• e9d91c295cd270dd97a7b07183a8e7c181ca6ba43a6a71251b9c6f4b19312b12
• d05909281684b70eafb7409e95744d4478735f115b4df2c61515fc2cfbca320a
• e8ce6cee6554f2699605da7a59abe4ff81d96c5f2e4066e2314ddac92363fdd3
• 6589bdf9c86bae4396d89769538a7ab15ae9050efcfb40998f668ee1ae881a2f
• 6511d09ada2bc11a95c06bd20abb66f450b9b2a6ed1f00c723401884ce7a2e61
• 90e7c78ca1612b6f6e0f2c25e00e4c73e9df86936a243a03a488a3b155334eea
• 79ec5b54ddd1cbc30d23e679fa8d1740884aa29e89f10a3020c559f893ab4790
• 4a09459d095915e4ea732d5fd9aa453e0a05603baa711696bcc9c9f479cbcecf

SHA-1

• 2170a0ae40e936d0b3fa5d2be9224d4ea23596e4
• 6e1f85d46a5141ad0eddc0894b4a01b65f38ce32
• 4eb75db0f1d7443b2d1b291c3114fcb63dd3cd0b
• 43ce466565c8471dd8f6a147ae281ffdad3c54fb
• 77f6bf5d39ef4025c59deb8cf419358745ef83a7
• 86dca9fcdcf8a3c40840c5dae97cb4de044de42a
• 5b5bbabc32224349467142385ae77b96a299a59a
• 512bd1217144b47c73ab0b7c06d0577adaa6fea5
• c0f7c0704bf5fc937fba2048c6c45ad25a970fde

Remediation

• Block all threat indicators at your respective controls.
• Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
• Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
• Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
• Patch and upgrade any platforms and software timely and make it into a standard security policy.