61450197a77e76502a34d0a9bbfdb2004905c563e34bac3c7d37d5e770b3bf60

Target

Size

337KB

Sample

220126-w1tx9sgedk

Score

10 ^/10

MD5

25402edcf0c474b6bd2bc674b4612688

SHA1

c34dc1afd4d57050d9753e015098a7039f1d01e5

SHA256

61450197a77e76502a34d0a9bbfdb2004905c563e34bac3c7d37d5e770b3bf60

SHA512

befc27419e1a0eb3e1bdde5accb07c3de4b37dd8e4939c10ce304e99859a71f06a0505c4643408057f5a9cfaaa1643e5f6519b29b0361b61ec9f62669d91800b

Extracted

Family	arkei
Botnet	Default
C2	http://coin-file-file-19.com/tratata.php http://coin-file-file-19.com/tratata.php

Target

61450197a77e76502a34d0a9bbfdb2004905c563e34bac3c7d37d5e770b3bf60

MD5

25402edcf0c474b6bd2bc674b4612688

Filesize

337KB

Score

10^/10

SHA1

c34dc1afd4d57050d9753e015098a7039f1d01e5

SHA256

61450197a77e76502a34d0a9bbfdb2004905c563e34bac3c7d37d5e770b3bf60

SHA512

befc27419e1a0eb3e1bdde5accb07c3de4b37dd8e4939c10ce304e99859a71f06a0505c4643408057f5a9cfaaa1643e5f6519b29b0361b61ec9f62669d91800b

Signatures

Arkei
Description

Arkei is an infostealer written in C++.
Tags

stealer arkei
Suspicious use of NtCreateProcessExOtherParentProcess
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Description

suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Tags

suricata
Arkei Stealer Payload
Tags

stealer
Downloads MZ/PE file
Sets service image path in registry
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Loads dropped DLL
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags

spyware

TTPs

Data from Local SystemCredentials in Files
Checks installed software on the system
Description

Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags

discovery

TTPs

Query Registry

Related Tasks

behavioral1

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

arkei default discovery persistence spyware stealer suricata

10^/10

Extracted

Tags

Signatures

Arkei

Description

Tags

Suspicious use of NtCreateProcessExOtherParentProcess

suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

Description

Tags

Arkei Stealer Payload

Tags

Downloads MZ/PE file

Sets service image path in registry

Tags

TTPs

Checks computer location settings

Description

TTPs

Loads dropped DLL

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses cryptocurrency files/wallets, possible credential harvesting

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Related Tasks

static1

behavioral1