General

  • Target

    d84b26694278d072ae5db42f7cefae577c76d13aa41f9029e26d551a74a3c161

  • Size

    350KB

  • Sample

    220125-nakmxafab9

  • MD5

    b3a861c3933910bbded253d24b8ebc97

  • SHA1

    99f17a40ffdce1633a2b0e19322e3e3b504e00e0

  • SHA256

    d84b26694278d072ae5db42f7cefae577c76d13aa41f9029e26d551a74a3c161

  • SHA512

    b74a841b7e6659d547d3294cdd609b4e728d36980bc3ce6b00baa9ccd0673e51822698ac99edf5e1548264bf99b58265e879cffbd76b74283f9273292b2ec5c4

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://coin-file-file-19.com/tratata.php

Targets

    • Arkei

      Arkei is an infostealer written in C++.

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

  • Credentials in Files (T1081): 2

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 2