Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424
Size

284KB
Sample

220124-bzwegshfaj
MD5

51366f65ae6218610e36e57300dd1880
SHA1

036111329167f2779f6d0b1637754b288411ae32
SHA256

278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424
SHA512

f743b7f306ecd8080d260e89b90d409557def23d1d3166730ad2ebbf5aa123a9940cc0476b739fc6a1dc7ffce99ad7848be906bf031330679df70ab08bfceda0

Score

10^/10

arkei default discovery spyware stealer suricata

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://coin-file-file-19.com/tratata.php

Targets

- Target
  
  278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424
- Size
  
  284KB
- MD5
  
  51366f65ae6218610e36e57300dd1880
- SHA1
  
  036111329167f2779f6d0b1637754b288411ae32
- SHA256
  
  278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424
- SHA512
  
  f743b7f306ecd8080d260e89b90d409557def23d1d3166730ad2ebbf5aa123a9940cc0476b739fc6a1dc7ffce99ad7848be906bf031330679df70ab08bfceda0
Score

10^/10

arkei default discovery spyware stealer suricata
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
  suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
  suricata
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix

Collection

Data from Local System

T1005

Command and Control

Credential Access

Credentials in Files

T1081

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

arkeidefaultdiscoveryspywarestealersuricata