General

  • Target

    5112a826cd217c402ecdce7520fa51cd3e07a9d9a48cda7e79ad5c11215126f6

  • Size

    351KB

  • Sample

    220125-wm8t9sccem

  • MD5

    f9eeb74491111d0a7141af4e82ffa403

  • SHA1

    a29891e2d0e6707e066db393173b5c53dc185973

  • SHA256

    5112a826cd217c402ecdce7520fa51cd3e07a9d9a48cda7e79ad5c11215126f6

  • SHA512

    b98febaa6cef29bacbbd38297e1949389a38d3b860f7a9723eb2abffe3458ad1255484bf8a7b50465701ecd64bd3ef57dbcf8500630d7738598de563aee7f1de

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://coin-file-file-19.com/tratata.php

Targets

    • Target

      5112a826cd217c402ecdce7520fa51cd3e07a9d9a48cda7e79ad5c11215126f6

    • Size

      351KB

    • MD5

      f9eeb74491111d0a7141af4e82ffa403

    • SHA1

      a29891e2d0e6707e066db393173b5c53dc185973

    • SHA256

      5112a826cd217c402ecdce7520fa51cd3e07a9d9a48cda7e79ad5c11215126f6

    • SHA512

      b98febaa6cef29bacbbd38297e1949389a38d3b860f7a9723eb2abffe3458ad1255484bf8a7b50465701ecd64bd3ef57dbcf8500630d7738598de563aee7f1de

    • Arkei

      Arkei is an infostealer written in C++.

    • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

      suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

2
T1005

Tasks