General

  • Target: b2521c053ca4b41e1e6ee8e66a93010fee0a0303f01958272f470667e87bbde2
  • Size: 316KB
  • Sample: 220114-2ewgvsahh2
  • MD5: a462b89517f859a66881609c088f3f74
  • SHA1: 0b17d47d74448af3c4554a40467d0489ee2dbd2d
  • SHA256: b2521c053ca4b41e1e6ee8e66a93010fee0a0303f01958272f470667e87bbde2
  • SHA512: e1f027491450b75d59ebf9f7299e65de9ea621d8273c2db1973dd77913934d49fae32a73ac5ab65477d1fc20b52bee58a03994358a189122bcfb4dd14094791f

Malware Config

Extracted

  • Family: arkei
  • Botnet: Default
  • C2: http://file-file-host4.com/tratata.php

Targets


    • Arkei

      Arkei is an infostealer written in C++.

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
