Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    105be93c98f8fd1c959941e8ef5c12b970264c71487412600eef12bf531a6c97

  • Size

    326KB

  • Sample

    220118-kd957aaebl

  • MD5

    539068dab97004554d3436d5033021d4

  • SHA1

    dde2446c9b3866aeea35941bd8362489811e7f02

  • SHA256

    105be93c98f8fd1c959941e8ef5c12b970264c71487412600eef12bf531a6c97

  • SHA512

    3ee685b2d475a58a804a1904c33e267037f55794060113398d71519089b2ef858ecd85a2624d195ef4bb6ba40b6518af73256b12a77ef68fec91be2003b53b0d

Score
10/10
arkeihomesteadrdiscoveryspywarestealer

Malware Config

Extracted

Family

arkei

Botnet

homesteadr

C2

http://homesteadr.link/ggate.php

Targets

    • Target

      105be93c98f8fd1c959941e8ef5c12b970264c71487412600eef12bf531a6c97

    • Size

      326KB

    • MD5

      539068dab97004554d3436d5033021d4

    • SHA1

      dde2446c9b3866aeea35941bd8362489811e7f02

    • SHA256

      105be93c98f8fd1c959941e8ef5c12b970264c71487412600eef12bf531a6c97

    • SHA512

      3ee685b2d475a58a804a1904c33e267037f55794060113398d71519089b2ef858ecd85a2624d195ef4bb6ba40b6518af73256b12a77ef68fec91be2003b53b0d

    Score
    10/10
    arkeihomesteadrdiscoveryspywarestealer

    • Arkei

      Arkei is an infostealer written in C++.

      stealerarkei

    • Arkei Stealer Payload

      stealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks