General

  • Target

    bd610b2389b0ea2a2d37bc31655de8aa44c96ea5836c873c8df49a715a57b602

  • Size

    274KB

  • Sample

    220127-e12vfafdgk

  • MD5

    c0cebf58bc464d40ada9444c8c19e955

  • SHA1

    52cc6a2c87862b1c815e843f154ec9cb66f345e9

  • SHA256

    bd610b2389b0ea2a2d37bc31655de8aa44c96ea5836c873c8df49a715a57b602

  • SHA512

    ed979071f02a7eaace9b393fb4b75265694fe2466c147858223351057e5513f5849830bc0170d0323956d088b9d68e5e880a262ebdc15351204649f5ee1a5490

Malware Config

Extracted

  • Family

    arkei

  • Botnet

    Default

  • C2

    http://coin-file-file-19.com/tratata.php

Targets

    • Arkei

      Arkei is an infostealer written in C++.

    • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      ID      Count
  Credential Access   Credentials in Files           T1081   2
  Discovery           Query Registry                 T1012   2
  Discovery           System Information Discovery   T1082   2
  Collection          Data from Local System         T1005   2

Tasks