74fad8e9b1a82d813dd72fce23abdc2d3819496750910c6cdcd70d7398831e2c

General

Target: 74fad8e9b1a82d813dd72fce23abdc2d3819496750910c6cdcd70d7398831e2c
Size: 1MB
Sample: 220126-2eakdsbcbr
Score: 10/10
MD5: 2b2ec30a2bf1c7166055e754a04c6ecf
SHA1: c4d2b04eab134dd058994633765410d9aefbe837
SHA256: 74fad8e9b1a82d813dd72fce23abdc2d3819496750910c6cdcd70d7398831e2c
SHA512: 18642acdb1231b79112f66b06e47dee922eae4ed89a9cb00227e636833e76416023efd54c2e2728fe179659e796844fb545168248811fc2e823dc38e78e96f3e

Malware Config

Extracted

Family: arkei
Botnet: Default
C2: http://37.252.15.126/dhbUc2MgYS.php

Targets

Target: 74fad8e9b1a82d813dd72fce23abdc2d3819496750910c6cdcd70d7398831e2c
MD5: 2b2ec30a2bf1c7166055e754a04c6ecf
Filesize: 1MB
Score: 10/10
SHA1: c4d2b04eab134dd058994633765410d9aefbe837
SHA256: 74fad8e9b1a82d813dd72fce23abdc2d3819496750910c6cdcd70d7398831e2c
SHA512: 18642acdb1231b79112f66b06e47dee922eae4ed89a9cb00227e636833e76416023efd54c2e2728fe179659e796844fb545168248811fc2e823dc38e78e96f3e
Tags: (none)

Signatures

  • Arkei

    Description: Arkei is an infostealer written in C++.

  • Arkei Stealer Payload

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix

Tactics: Command and Control; Credential Access; Defense Evasion; Discovery; Execution; Exfiltration; Impact; Initial Access; Lateral Movement; Persistence; Privilege Escalation

Tasks

static1
behavioral1 (score 10/10)