4465fff8acf9a5c19ca92220b183cfc9897fb5cd4680e637f707b69f66a1387c

General

Target: 4465fff8acf9a5c19ca92220b183cfc9897fb5cd4680e637f707b69f66a1387c
Size: 296KB
Sample: 220124-tgqqdsfecq
Score: 10/10
MD5: 3ffe4493f900644527e0f4dc573c55cb
SHA1: 96b267f377fc8f77d4de1b3003e553db03706bf3
SHA256: 4465fff8acf9a5c19ca92220b183cfc9897fb5cd4680e637f707b69f66a1387c
SHA512: c2377a775bf7932fd17914f12938dc316c213c514b1bf1ec250c41a53cff75f1227f74a9de7e353dce8b0a7662751125e05cee05bcaa2d608840e4555d136f5d

Malware Config (extracted from the sample)

Family: arkei
Botnet: Default
C2: http://homesteadr.link/ggate.php

Signatures

  • Arkei
    Description: Arkei is an infostealer written in C++.

  • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
    Description: Suricata alert on the sample's outbound traffic matching the Emerging Threats rule of that name. Vidar is a fork of Arkei, so the Vidar C2 exfiltration rule also fires on Arkei check-ins; the alert is consistent with the C2 URL extracted from the config.

  • Arkei Stealer Payload

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers target stored browser profile data, which can include saved credentials, cookies and autofill data.
    TTPs: Data from Local System (T1005), Credentials in Files (T1552.001)

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System (T1005), Credentials in Files (T1552.001)

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) to enumerate software installed on the system.
    TTPs: Query Registry (T1012)
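The behavioural signatures listed above (Uninstall-key enumeration, browser profile reads, wallet file reads) together with the C2 URL from the extracted config are enough to build a small triage check over sandbox or EDR event logs. The following is an added example and is not part of this report or of any sandbox product's code: the JSON event format, field names, registry/file path heuristics and the "Contacts configured C2" label are assumptions made for the example, and the event lines are constructed here rather than taken from the sandbox run.

```python
import json
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# IOC from the report's extracted config.
C2_URL = "http://homesteadr.link/ggate.php"
C2_HOST = urlparse(C2_URL).hostname

# Report signature names mapped to the ATT&CK technique names the report
# attaches to them. "Contacts configured C2" is this example's own label,
# not a signature from the report.
SIGNATURES: Dict[str, List[str]] = {
    "Checks installed software on the system": ["Query Registry"],
    "Reads user/profile data of web browsers": ["Data from Local System", "Credentials in Files"],
    "Accesses cryptocurrency files/wallets": ["Data from Local System", "Credentials in Files"],
    "Contacts configured C2": ["Command and Control"],
}

# Path heuristics are assumptions for this example: the well-known Uninstall
# key plus a few common browser credential stores and wallet locations.
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
BROWSER_DATA_RE = re.compile(
    r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.IGNORECASE)
WALLET_RE = re.compile(
    r"(\\wallet\.dat$|\\(Electrum|Exodus|Ethereum)\\)", re.IGNORECASE)


def classify(event: dict) -> Optional[str]:
    """Return the signature name one event matches, or None if it is benign."""
    kind = event.get("type")
    if kind == "registry" and event.get("op") in ("open", "enum", "query"):
        if UNINSTALL_KEY_RE.search(event.get("key", "")):
            return "Checks installed software on the system"
    elif kind == "file" and event.get("op") == "read":
        path = event.get("path", "")
        if BROWSER_DATA_RE.search(path):
            return "Reads user/profile data of web browsers"
        if WALLET_RE.search(path):
            return "Accesses cryptocurrency files/wallets"
    elif kind == "http":
        if urlparse(event.get("url", "")).hostname == C2_HOST:
            return "Contacts configured C2"
    return None


def triage(lines: List[str]) -> Dict[str, dict]:
    """Run classify() over JSON event lines and aggregate hits per signature."""
    hits: Dict[str, dict] = {}
    for line in lines:
        name = classify(json.loads(line))
        if name is None:
            continue
        entry = hits.setdefault(name, {"count": 0, "ttps": SIGNATURES[name]})
        entry["count"] += 1
    return hits


def verdict(hits: Dict[str, dict]) -> str:
    """Stealer behaviour combined with contact to the known C2 is the strongest signal."""
    stealer = any(name != "Contacts configured C2" for name in hits)
    c2 = "Contacts configured C2" in hits
    if stealer and c2:
        return "malicious: infostealer with C2 exfiltration"
    if stealer or c2:
        return "suspicious"
    return "no match"


# Constructed sample events (not from the sandbox run), one JSON object per line.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"type": "registry", "op": "enum",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "registry", "op": "query",
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "file", "op": "read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "op": "read",
     "path": r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"type": "file", "op": "read", "path": r"C:\Windows\System32\ntdll.dll"},
    {"type": "http", "method": "POST", "url": C2_URL},
    {"type": "http", "method": "GET", "url": "http://example.com/"},
]]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for name, info in result.items():
        print(f"{info['count']}x {name} -> {', '.join(info['ttps'])}")
    print(verdict(result))
```

The path heuristics are deliberately narrow; in production you would widen BROWSER_DATA_RE and WALLET_RE to the full set of profile stores and wallet directories the stealer family is known to touch, and match the C2 on the full URL path as well as the host, since the same domain may serve unrelated content.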

MITRE ATT&CK Matrix

Tactic columns shown in the matrix view: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.