8d91d39f286cc239f1dcaec687c1277f4d918dfb61a7579f2bdb5f3ead3ee700

General
Target

8d91d39f286cc239f1dcaec687c1277f4d918dfb61a7579f2bdb5f3ead3ee700

Size

337KB

Sample

220126-jcdvxsaecj

Score

10/10

MD5

24d3e127cc49fc25b6950cada7191b0f

SHA1

f7e2ec81cb4d1a2a3c15a64696c21495384e8a72

SHA256

8d91d39f286cc239f1dcaec687c1277f4d918dfb61a7579f2bdb5f3ead3ee700

SHA512

c951b7bf2cb45d8b4e686b30155ffb93c4f4601fb425dc8a44cc4894a17f311c6640747204d0e2189f6bad024628f0ef2808462c9303bb0d401ac9e51ed26122

Malware Config

Extracted

Family arkei
Botnet Default
C2

http://coin-file-file-19.com/tratata.php

Signatures

  • Arkei

    Description

    Arkei is an infostealer written in C++.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

  • Arkei Stealer Payload

  • Downloads MZ/PE file

  • Sets service image path in registry

    TTPs

    Registry Run Keys / Startup Folder; Modify Registry

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, likely used as a geofence check.

    TTPs

    Query Registry; System Information Discovery

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    TTPs

    Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System; Credentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

MITRE ATT&CK Matrix

Tactic columns shown: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation