{
	"id": "442124b6-7d1d-4776-a4e1-dd6fe9c34dc3",
	"created_at": "2026-04-06T00:19:01.993752Z",
	"updated_at": "2026-04-10T03:21:15.975278Z",
	"deleted_at": null,
	"sha1_hash": "6d4f9a36cf35d8ed43009c53fc6452f7bccf33cb",
	"title": "en_arkei_stealer_technical_analysis_report.pdf",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31741,
	"plain_text": "en_arkei_stealer_technical_analysis_report.pdf\r\nArchived: 2026-04-05 22:32:29 UTC\r\nSida 2 av 43\r\ni\r\nContents\r\nWHAT IS ARKEI ... 1\r\nANALYSIS OF DTPDZGZ1HO.EXE ... 2\r\nOVERVIEW ... 2\r\nDETAILED ANALYSIS ... 4\r\nANALYSIS OF STAGE-2 ... 7\r\nOVERVIEW ... 7\r\nDETAILED ANALYSIS ... 7\r\nANALYSIS OF STAGE-3 ... 11\r\nOVERVIEW ... 11\r\nDETAILED ANALYSIS ... 11\r\nTELEGRAM ADDRESSES ... 15\r\nANALYSIS OF 4KSOA92JSAL.EXE ... 20\r\nOVERVIEW ... 20\r\nDETAILED ANALYSIS ... 20\r\nANALYSIS OF STAGE-5 ... 23\r\nOVERVIEW ... 23\r\nDETAILED ANALYSIS ... 23\r\nhttps://drive.google.com/file/d/1wTH-BZrjxEBZwCnXJ3pQWGB7ou0IoBEr/view\r\nPage 1 of 2\n\nANALYSIS OF PUNPUN.EXE ... 26\r\nOVERVIEW ... 26\r\nDETAILED ANALYSIS ... 26\r\nANALYSIS OF INFODEBUG.EXE ... 28\r\nOVERVIEW ... 28\r\nANALYSIS OF STAGE-8 ... 29\r\nOVERVIEW ... 29\r\nSTAGE-9 (DONUTLOADER VARIANT) ... 30\r\nOVERVIEW ... 30\r\nSTAGE-10 (REDLINE) ... 31\r\nOVERVIEW ... 31\r\nYARA RULES ... 32\r\nMITRE ATTACK TABLE ... 40\r\nSOLUTION OFFERS ... 40\r\nPREPARED BY ... 41\r\nSource: https://drive.google.com/file/d/1wTH-BZrjxEBZwCnXJ3pQWGB7ou0IoBEr/view\r\nhttps://drive.google.com/file/d/1wTH-BZrjxEBZwCnXJ3pQWGB7ou0IoBEr/view\r\nPage 2 of 2",
	"extraction_quality": 0.8855626119524508,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://drive.google.com/file/d/1wTH-BZrjxEBZwCnXJ3pQWGB7ou0IoBEr/view"
	],
	"report_names": [
		"view"
	],
	"threat_actors": [],
	"ts_created_at": 1775434741,
	"ts_updated_at": 1775791275,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6d4f9a36cf35d8ed43009c53fc6452f7bccf33cb.pdf",
		"text": "https://archive.orkl.eu/6d4f9a36cf35d8ed43009c53fc6452f7bccf33cb.txt",
		"img": "https://archive.orkl.eu/6d4f9a36cf35d8ed43009c53fc6452f7bccf33cb.jpg"
	}
}