General

  • Target

    5d292b8f8fc6e8e3105c46f56084e048e45e258da0380667486b8df6fa506458

  • Size

    269KB

  • Sample

    220122-etyjfahee9

  • MD5

    213a09a3f6041ef57a1b54d812a841f4

  • SHA1

    f75b82673acb2425e30b2f263edc188cbf071d02

  • SHA256

    5d292b8f8fc6e8e3105c46f56084e048e45e258da0380667486b8df6fa506458

  • SHA512

    ef463914a3f791821d81d5924e93974d3ee857607a73034012f648c0bcbbdd6a64a35c68d53422dc5221ed907aa5127f41fb140e4301fb282aac8544e94300b3

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Targets

    • Arkei

      Arkei is an infostealer written in C++.

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 2

Tasks