General

  • Target

    5d0a9c2874aa124ccaf2e6c0f365fc424a19a63b8ca79a71aad7522baf013ee2

  • Size

    307KB

  • Sample

    220118-qs1sysbda8

  • MD5

    519d9edff24b60f6a4e14f5dbc0c98dd

  • SHA1

    3a8b9d09251b52c0535de0aa6fb129f6b79ba1b1

  • SHA256

    5d0a9c2874aa124ccaf2e6c0f365fc424a19a63b8ca79a71aad7522baf013ee2

  • SHA512

    449e3a9d1e84c4d2bd909014da4f90881f4890af512c6eed4f0da27c7668dfc913677bd7d14cd27c137fb620d9961add51aeee129734152e3e3dc83b959ea7f1

Malware Config

Extracted

Family

arkei

Botnet

homesteadr

C2

http://homesteadr.link/ggate.php

Targets

    • Target

      5d0a9c2874aa124ccaf2e6c0f365fc424a19a63b8ca79a71aad7522baf013ee2

    • Size

      307KB

    • MD5

      519d9edff24b60f6a4e14f5dbc0c98dd

    • SHA1

      3a8b9d09251b52c0535de0aa6fb129f6b79ba1b1

    • SHA256

      5d0a9c2874aa124ccaf2e6c0f365fc424a19a63b8ca79a71aad7522baf013ee2

    • SHA512

      449e3a9d1e84c4d2bd909014da4f90881f4890af512c6eed4f0da27c7668dfc913677bd7d14cd27c137fb620d9961add51aeee129734152e3e3dc83b959ea7f1

    • Arkei

      Arkei is an infostealer written in C++.

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

2
T1005

Tasks