General

  • Target

    3d7c499babe52f358fd0d77e0ea92c80304a9ad4c4fcb0c68213b3607902611b

  • Size

    350KB

  • Sample

    220125-l1lxjsdedq

  • MD5

    88cb0fd2c26a1c706b083157aeb38b8b

  • SHA1

    b20accf3886213a05bdd2bcaab7603d938ed5a78

  • SHA256

    3d7c499babe52f358fd0d77e0ea92c80304a9ad4c4fcb0c68213b3607902611b

  • SHA512

    b95f37787f398ad6b61dcedc6fec6d67812078cb6b56fe1b43b00142e2490e48398d0900fcea8abaffa685691459469687b292d6859af276e3da352b3e9108c5

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://coin-file-file-19.com/tratata.php

Targets

    • Target

      3d7c499babe52f358fd0d77e0ea92c80304a9ad4c4fcb0c68213b3607902611b

    • Size

      350KB

    • MD5

      88cb0fd2c26a1c706b083157aeb38b8b

    • SHA1

      b20accf3886213a05bdd2bcaab7603d938ed5a78

    • SHA256

      3d7c499babe52f358fd0d77e0ea92c80304a9ad4c4fcb0c68213b3607902611b

    • SHA512

      b95f37787f398ad6b61dcedc6fec6d67812078cb6b56fe1b43b00142e2490e48398d0900fcea8abaffa685691459469687b292d6859af276e3da352b3e9108c5

    • Arkei

      Arkei is an infostealer written in C++.

    • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

      suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

2
T1005

Tasks