General

  • Target

    278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424

  • Size

    284KB

  • Sample

    220124-bzwegshfaj

  • MD5

    51366f65ae6218610e36e57300dd1880

  • SHA1

    036111329167f2779f6d0b1637754b288411ae32

  • SHA256

    278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424

  • SHA512

    f743b7f306ecd8080d260e89b90d409557def23d1d3166730ad2ebbf5aa123a9940cc0476b739fc6a1dc7ffce99ad7848be906bf031330679df70ab08bfceda0

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://coin-file-file-19.com/tratata.php

Targets

    • Target

      278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424

    • Size

      284KB

    • MD5

      51366f65ae6218610e36e57300dd1880

    • SHA1

      036111329167f2779f6d0b1637754b288411ae32

    • SHA256

      278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424

    • SHA512

      f743b7f306ecd8080d260e89b90d409557def23d1d3166730ad2ebbf5aa123a9940cc0476b739fc6a1dc7ffce99ad7848be906bf031330679df70ab08bfceda0

    • Arkei

      Arkei is an infostealer written in C++.

    • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

      suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

2
T1005

Tasks