General

  • Target

    31257a30a3b1bf25d63c86e604e16cae16b725d8460782091c10ecf630059b4a

  • Size

    350KB

  • Sample

    220125-c6ewrafac2

  • MD5

    6e5d8904392f52b4ffe088559920915f

  • SHA1

    6f0bc4eb63f72081211c18b5fa2f61d817809422

  • SHA256

    31257a30a3b1bf25d63c86e604e16cae16b725d8460782091c10ecf630059b4a

  • SHA512

    8a4ac6fb9f802645c9c3ef2ac000f06f8268f36f5ad62f60b6815f1d491e05d98a8a87774402148fb0117fc7d1d0926ac6e5f6bf7342e03c32da1c1dbe0850cc

Malware Config

Extracted

  • Family

    arkei

  • Botnet

    Default

  • C2

    http://coin-file-file-19.com/tratata.php

Targets

    • Arkei

      Arkei is an infostealer written in C++.

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation