General

  • Target

    9bdd2f0e7b2e3b692c90ec0d23021ac8fbb6b11a9dac637896c3d31b5f847f03

  • Size

    316KB

  • Sample

    220114-zyvzbsaeh4

  • MD5

    986048cf2c47ea2cfe80f89e7f42ee17

  • SHA1

    54bba7a1441f305443d2104b59150fa645f8a9f6

  • SHA256

    9bdd2f0e7b2e3b692c90ec0d23021ac8fbb6b11a9dac637896c3d31b5f847f03

  • SHA512

    52811b896a24e77c47cc12dff34f39709aac7ac4f033749b2f02ca3c3d32f609a6a6c24a76ec5e763a298afda1d21456d24ad34aa11f143c3f91054d4ae02246

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Targets

    • Arkei

      Arkei is an infostealer written in C++.

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
