Resubmissions

14-10-2021 15:13

211014-slznesafgr 10

13-10-2021 11:15

211013-ncl9hsdggp 10

General

  • Target

    a9dea10c6d4d205faab1ac8db69384e9c3dc91fd5a718266957e4e164f76cd4a.bin

  • Size

    311KB

  • Sample

    211014-slznesafgr

  • MD5

    0050729426253655c88625a8ad93d7a2

  • SHA1

    a8ea376bc26eba3ff32e72cb2bf43cccfa1c87d7

  • SHA256

    a9dea10c6d4d205faab1ac8db69384e9c3dc91fd5a718266957e4e164f76cd4a

  • SHA512

    1947c78aba1933c3da2eed125d760bf7c4b3bf75a113139a22db0d2f1e1e3e8b4640c0330b5220712275884567daf9548467a96747fb550fc8cb24dfc989d37c

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://game2030.link/ggate.php

Targets

    • Arkei

      Arkei is an infostealer written in C++.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Arkei Stealer Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 1 hit

  • Collection: Data from Local System (T1005), 1 hit
