General

  • Target

    e3293181f54e52c1ffdee041f0182ecdbcd09d7477b4ff9be08d93380bb6ce9b

  • Size

    327KB

  • Sample

    220118-l6v3eaaggl

  • MD5

    cba5a02f12940f7569e9f86b722d565c

  • SHA1

    ba466cfe6750fe9cfcf43b1305ddc8d068f0be48

  • SHA256

    e3293181f54e52c1ffdee041f0182ecdbcd09d7477b4ff9be08d93380bb6ce9b

  • SHA512

    1554ec38ff34ec17b377e7a6b2439a73afc9b12f52504bbb6c3deae495ae9437f26229e82039657d3714e2d24a9bdee462af6784ca4134b5763de49f79a648a7

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Targets

    • Target

      e3293181f54e52c1ffdee041f0182ecdbcd09d7477b4ff9be08d93380bb6ce9b

    • Size

      327KB

    • MD5

      cba5a02f12940f7569e9f86b722d565c

    • SHA1

      ba466cfe6750fe9cfcf43b1305ddc8d068f0be48

    • SHA256

      e3293181f54e52c1ffdee041f0182ecdbcd09d7477b4ff9be08d93380bb6ce9b

    • SHA512

      1554ec38ff34ec17b377e7a6b2439a73afc9b12f52504bbb6c3deae495ae9437f26229e82039657d3714e2d24a9bdee462af6784ca4134b5763de49f79a648a7

    • Arkei

      Arkei is an infostealer written in C++.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

      suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

4
T1012

System Information Discovery

4
T1082

Collection

Data from Local System

2
T1005

Tasks