52241b7a6707a79755e1386a26bce09c.exe

General
Target

52241b7a6707a79755e1386a26bce09c.exe

Size

502KB

Sample

211021-wpq28sbecm

Score
10/10
MD5

52241b7a6707a79755e1386a26bce09c

SHA1

bd2f102d6f10cde689835418f213db6b0713c2cd

SHA256

0e01d2215e00c2a03a93b72a13476c588fbd383d4367e3d85265969e65dff388

SHA512

b4f781a8344d9db9ba3ee6d54c9a2c614a3b0699c05f527b1cfd22775613c8f902eb95553b7f3a56b8a1b5b6b7715b0491159d8bcc9dc712129512551d65ea05

Malware Config

Extracted

Family fickerstealer
C2

game2030.site:80

Extracted

Family arkei
Botnet Default
C2

http://gurums.online/ggate.php
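The two extracted C2 entries are the most directly usable indicators on this page. The following is added example code, not part of the sandbox report: it normalises the Ficker `host:port` entry and the Arkei gate URL into one indicator table, then matches them against constructed proxy and DNS log lines. The log formats (a Squid-style access log and a BIND-style query log) and every client IP and timestamp below are assumptions made for the example; only the two C2 values come from the report.

```python
"""Hunt for the C2 indicators from the extracted configs in constructed
proxy and DNS logs.  Example code added to this report; the log lines are
made up and their field layout is an assumption, not sandbox output."""
import re
from urllib.parse import urlparse

# Indicators copied from the Malware Config section of this report.
C2_CONFIG = {
    "fickerstealer": ["game2030.site:80"],
    "arkei": ["http://gurums.online/ggate.php"],
}


def normalize_c2(entry):
    """Turn 'host:port' or a full URL into (host, port, path)."""
    if "://" not in entry:
        entry = "http://" + entry          # bare host:port, as in the Ficker config
    u = urlparse(entry)
    port = u.port or (443 if u.scheme == "https" else 80)
    return u.hostname.lower(), port, u.path or "/"


def build_indicators(config=C2_CONFIG):
    """Map every C2 host to its family plus the port/path the config names."""
    indicators = {}
    for family, entries in config.items():
        for entry in entries:
            host, port, path = normalize_c2(entry)
            indicators[host] = {"family": family, "port": port, "path": path}
    return indicators


def lookup_host(host, indicators):
    """Exact match, or a subdomain of a listed C2 host; None otherwise."""
    host = host.lower().rstrip(".")
    for c2, meta in indicators.items():
        if host == c2 or host.endswith("." + c2):
            return c2, meta
    return None


# Constructed Squid-style access log (time elapsed client action/code bytes method url ...).
PROXY_LOG = """\
1634806001.123 120 10.0.0.5 TCP_MISS/200 512 POST http://gurums.online/ggate.php - HIER_DIRECT/203.0.113.10 text/html
1634806002.456 80 10.0.0.5 TCP_MISS/200 2048 GET http://game2030.site:80/ - HIER_DIRECT/203.0.113.11 application/octet-stream
1634806003.789 30 10.0.0.7 TCP_MISS/200 1024 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
"""

# Constructed BIND-style query log.
DNS_LOG = """\
2021-10-21T08:46:40Z client 10.0.0.5 query: game2030.site IN A
2021-10-21T08:46:41Z client 10.0.0.5 query: gurums.online IN A
2021-10-21T08:46:42Z client 10.0.0.9 query: www.example.com IN A
"""

PROXY_RE = re.compile(r"^\S+\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)")
DNS_RE = re.compile(r"client (?P<client>\S+) query: (?P<name>\S+) IN")


def match_proxy(log, indicators):
    """Return one hit per proxied request whose host is a known C2."""
    hits = []
    for line in log.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        u = urlparse(m["url"])
        found = lookup_host(u.hostname or "", indicators)
        if not found:
            continue
        c2, meta = found
        # A hit on the exact port and path (Arkei's ggate.php) is a much stronger
        # signal than the bare domain, so record that separately.
        exact = (u.port or 80) == meta["port"] and (u.path or "/") == meta["path"]
        hits.append({"source": "proxy", "client": m["client"], "family": meta["family"],
                     "indicator": c2, "exact": exact, "evidence": m["url"]})
    return hits


def match_dns(log, indicators):
    """Return one hit per DNS query for a known C2 host or one of its subdomains."""
    hits = []
    for line in log.splitlines():
        m = DNS_RE.search(line)
        found = lookup_host(m["name"], indicators) if m else None
        if found:
            c2, meta = found
            hits.append({"source": "dns", "client": m["client"], "family": meta["family"],
                         "indicator": c2, "exact": False, "evidence": m["name"]})
    return hits


def hunt(proxy_log=PROXY_LOG, dns_log=DNS_LOG):
    ind = build_indicators()
    return match_proxy(proxy_log, ind) + match_dns(dns_log, ind)


if __name__ == "__main__":
    for hit in hunt():
        print(hit)
```

Matching on the domain alone is enough to triage a host; the `exact` flag separates a request to the Arkei gate path from generic traffic to the same domain, which matters when a C2 sits on shared hosting (the "Legitimate hosting services abused" signature on this page).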

Targets
Target

52241b7a6707a79755e1386a26bce09c.exe

MD5

52241b7a6707a79755e1386a26bce09c

Filesize

502KB

Score
10/10
SHA1

bd2f102d6f10cde689835418f213db6b0713c2cd

SHA256

0e01d2215e00c2a03a93b72a13476c588fbd383d4367e3d85265969e65dff388

SHA512

b4f781a8344d9db9ba3ee6d54c9a2c614a3b0699c05f527b1cfd22775613c8f902eb95553b7f3a56b8a1b5b6b7715b0491159d8bcc9dc712129512551d65ea05

Signatures

  • Arkei

    Description

    Arkei is an infostealer written in C++.

  • Fickerstealer

    Description

    Ficker is an infostealer written in Rust and ASM.

  • suricata: ET MALWARE Win32/Ficker Stealer Activity M3

  • Arkei Stealer Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads local data of messenger clients

    Description

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    TTPs

    Data from Local System, Credentials in Files

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials.

    TTPs

    Data from Local System, Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System, Credentials in Files

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext
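The "Adds Run key to start application" signature above is the behaviour most worth turning into a host-side detection. The following is added example code, not part of the sandbox report: it evaluates Sysmon-style registry events (Event ID 13, value set) and flags Run-key writes whose target executable, or whose writing process, lives outside Program Files or the Windows directory. The events, file paths and SID are constructed for the example; only the Sysmon field names are real.

```python
"""Flag Run-key persistence over constructed Sysmon-style registry events.
Example code added to this report; the events and paths are made up and only
the field names (Image, TargetObject, Details) follow Sysmon Event ID 13."""
import re

RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)\\",
    re.IGNORECASE,
)

# Directories a legitimate installer normally writes to.  A Run value that points
# into a user profile, Temp or ProgramData instead is worth a look.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Constructed events; in practice these come from the Sysmon EventLog or a SIEM.
EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\alice\AppData\Local\Temp\52241b7a6707a79755e1386a26bce09c.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": r"C:\Users\alice\AppData\Roaming\dropped.exe"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": '"C:\\Program Files\\Vendor\\tray.exe" /background'},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop",
     "Details": r"C:\Users\alice\Desktop"},
]


def command_path(details):
    """Extract the executable path from a Run value (quoted, or the first token)."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def in_trusted_dir(path):
    return any(path.lower().startswith(d) for d in TRUSTED_DIRS)


def evaluate(event):
    """Return a finding for a suspicious Run-key write, or None for benign/irrelevant events."""
    if event.get("EventID") != 13 or not RUN_KEY_RE.search(event.get("TargetObject", "")):
        return None
    target = command_path(event.get("Details", ""))
    image = event.get("Image", "")
    reasons = []
    if not in_trusted_dir(target):
        reasons.append("run value points outside Program Files/Windows: " + target)
    if not in_trusted_dir(image):
        reasons.append("writer runs from an untrusted path: " + image)
    if not reasons:
        return None
    return {"key": event["TargetObject"], "target": target, "image": image, "reasons": reasons}


def scan(events=EVENTS):
    """Evaluate every event and keep only the findings."""
    return [f for f in map(evaluate, events) if f]


if __name__ == "__main__":
    for finding in scan():
        print(finding)
```

The writer's own path is checked as well as the value's target because a stealer executing from a user-writable directory is itself the anomaly, regardless of what it registers. Path allow-listing is deliberately narrow here; a production rule would add signer checks and tune for legitimate per-user installers.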

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation