General

  • Target

    dbe53cc0be5df4f960fb997069326e144d4c843c70624856a4954b3e4287833d

  • Size

    271KB

  • Sample

    220122-px215sbae9

  • MD5

    c828ec6da5136463ef6ee84ce1e92521

  • SHA1

    826e40b65e5da4236f3e8d108cd92ad2d131f433

  • SHA256

    dbe53cc0be5df4f960fb997069326e144d4c843c70624856a4954b3e4287833d

  • SHA512

    4dbb862e39db5cfb2515df79057e2e6aaa97a408ddfa6690a6f9df918d3a7f2e6394ee653d3f70862f1d4837769a1237bbae784fbded9219a0f07b048da38402

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://homesteadr.link/ggate.php

Targets

    • Target

      dbe53cc0be5df4f960fb997069326e144d4c843c70624856a4954b3e4287833d

    • Size

      271KB

    • MD5

      c828ec6da5136463ef6ee84ce1e92521

    • SHA1

      826e40b65e5da4236f3e8d108cd92ad2d131f433

    • SHA256

      dbe53cc0be5df4f960fb997069326e144d4c843c70624856a4954b3e4287833d

    • SHA512

      4dbb862e39db5cfb2515df79057e2e6aaa97a408ddfa6690a6f9df918d3a7f2e6394ee653d3f70862f1d4837769a1237bbae784fbded9219a0f07b048da38402

    • Arkei

      Arkei is an infostealer written in C++.

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

2
T1005

Tasks