General

  • Target

    4465fff8acf9a5c19ca92220b183cfc9897fb5cd4680e637f707b69f66a1387c

  • Size

    296KB

  • Sample

    220124-tgqqdsfecq

  • MD5

    3ffe4493f900644527e0f4dc573c55cb

  • SHA1

    96b267f377fc8f77d4de1b3003e553db03706bf3

  • SHA256

    4465fff8acf9a5c19ca92220b183cfc9897fb5cd4680e637f707b69f66a1387c

  • SHA512

    c2377a775bf7932fd17914f12938dc316c213c514b1bf1ec250c41a53cff75f1227f74a9de7e353dce8b0a7662751125e05cee05bcaa2d608840e4555d136f5d

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://homesteadr.link/ggate.php

Targets

    • Target

      4465fff8acf9a5c19ca92220b183cfc9897fb5cd4680e637f707b69f66a1387c

    • Size

      296KB

    • MD5

      3ffe4493f900644527e0f4dc573c55cb

    • SHA1

      96b267f377fc8f77d4de1b3003e553db03706bf3

    • SHA256

      4465fff8acf9a5c19ca92220b183cfc9897fb5cd4680e637f707b69f66a1387c

    • SHA512

      c2377a775bf7932fd17914f12938dc316c213c514b1bf1ec250c41a53cff75f1227f74a9de7e353dce8b0a7662751125e05cee05bcaa2d608840e4555d136f5d

    • Arkei

      Arkei is an infostealer written in C++.

    • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

      suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

2
T1005

Tasks