General

  • Target

    5a38f9235cf5744450afed13e0545798d8be7de8191ef91bf40b4125e5ae0445

  • Size

    274KB

  • Sample

    220127-hbcqssghcl

  • MD5

    6f4d364ef1158c81a4a360c9d5e6b94e

  • SHA1

    5ac98de59631c198faa58300fbda535f8a7f65b2

  • SHA256

    5a38f9235cf5744450afed13e0545798d8be7de8191ef91bf40b4125e5ae0445

  • SHA512

    610dfa2040b6f302471806fce3a881ce8483a22d8a5fae699e9759869f6680098c3982a8bead678958df944c39e4879e18cdf62f5de2fee83668c35e8ba8571a

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://coin-file-file-19.com/tratata.php
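The C2 URL is the most directly actionable indicator in this config. The following Python is an added example, not part of the sandbox output, that splits the URL into host and path indicators and matches them against proxy log lines in a constructed format; the log lines and the line layout are assumptions made for the demonstration. Hosts are compared exactly after lowercasing, never as substrings, so a look-alike domain that merely contains the C2 hostname does not fire.

```python
from urllib.parse import urlsplit

# C2 URL as extracted from the sample's configuration (from the report above).
C2_URL = "http://coin-file-file-19.com/tratata.php"


def c2_indicators(url: str) -> dict:
    """Break the C2 URL into the fields a proxy or DNS log would expose."""
    p = urlsplit(url)
    return {
        "host": p.hostname.lower(),
        "port": p.port or (443 if p.scheme == "https" else 80),
        "path": p.path or "/",
    }


def classify(url_seen: str, ioc: dict) -> str:
    """Return 'c2_checkin', 'c2_host' or 'clean' for one observed URL.

    The hostname is compared exactly (urlsplit already lowercases it), not as a
    substring, so 'coin-file-file-19.com.example' does not match. A bare
    'host/path' string without a scheme has no hostname and is treated as clean;
    normalise such logs before calling this.
    """
    p = urlsplit(url_seen)
    if p.hostname is None or p.hostname != ioc["host"]:
        return "clean"
    if p.path == ioc["path"]:
        return "c2_checkin"      # host and check-in path both match
    return "c2_host"            # same host, different path: still worth a look


def scan_proxy_log(lines, ioc: dict) -> list:
    """Return (timestamp, client, verdict) for every line that hits the C2.

    Assumed (constructed) line format: '<ts> <client-ip> <method> <url> <status>'.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than abort the scan
        ts, client, _method, url, _status = fields[:5]
        verdict = classify(url, ioc)
        if verdict != "clean":
            hits.append((ts, client, verdict))
    return hits


# Constructed proxy log lines for the demonstration; not from the sandbox run.
SAMPLE_LOG = [
    "2022-01-27T10:31:02Z 10.0.0.15 POST http://coin-file-file-19.com/tratata.php 200",
    "2022-01-27T10:31:05Z 10.0.0.15 GET http://COIN-FILE-FILE-19.com/ 404",
    "2022-01-27T10:31:09Z 10.0.0.22 GET http://coin-file-file-19.com.example/tratata.php 200",
    "2022-01-27T10:32:00Z 10.0.0.30 GET https://example.org/index.html 200",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG, c2_indicators(C2_URL)):
        print(*hit)
```

Only the first two constructed lines are reported: the POST to tratata.php as a check-in, the request to the same host with a different path as a host match, while the look-alike domain and the unrelated site stay clean.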

Targets

    • Target

      5a38f9235cf5744450afed13e0545798d8be7de8191ef91bf40b4125e5ae0445

    • Size

      274KB

    • MD5

      6f4d364ef1158c81a4a360c9d5e6b94e

    • SHA1

      5ac98de59631c198faa58300fbda535f8a7f65b2

    • SHA256

      5a38f9235cf5744450afed13e0545798d8be7de8191ef91bf40b4125e5ae0445

    • SHA512

      610dfa2040b6f302471806fce3a881ce8483a22d8a5fae699e9759869f6680098c3982a8bead678958df944c39e4879e18cdf62f5de2fee83668c35e8ba8571a

    • Arkei

      Arkei is an infostealer written in C++.

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies, and autofill form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Reads the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and WOW6432Node counterparts) to enumerate the software installed on the system.
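The three behaviours above (browser profile reads, wallet file access, Uninstall key enumeration) are what an endpoint detection would key on. The following Python is an added example, not tooling from the sandbox or from any Arkei analysis, that classifies constructed Sysmon-style file and registry events and correlates them per process, so that a process which both enumerates installed software and touches credential stores stands out while an installer that only reads the Uninstall key does not. The event dicts, the path patterns, the list of browser process names and the per-behaviour ATT&CK mapping are assumptions made for the demonstration.

```python
import re
from collections import defaultdict

# Browsers are expected to open their own profile databases; any other
# process reading them is what "reads user/profile data of web browsers" means.
# Assumed list; extend it for the browsers deployed in your estate.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# Chromium profile databases (Login Data, Cookies, Web Data) and Firefox
# credential/cookie stores (logins.json, key4.db, cookies.sqlite).
BROWSER_RE = re.compile(
    r"(\\User Data\\.+\\(Login Data|Cookies|Web Data)"
    r"|\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite))$",
    re.IGNORECASE,
)

# Default storage of common desktop wallets (Bitcoin Core, Electrum, Exodus,
# Ethereum keystores). Assumed list for the demonstration.
WALLET_RE = re.compile(
    r"(\\wallet\.dat$|\\Electrum\\wallets\\|\\Exodus\\exodus\.wallet|\\Ethereum\\keystore\\)",
    re.IGNORECASE,
)

# The Uninstall key the "checks installed software" signature refers to,
# including the HKCU and 32-bit (WOW6432Node) views.
UNINSTALL_RE = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)

# Assumed mapping from behaviour to the ATT&CK v6 IDs used in this report.
TECHNIQUES = {
    "browser_profile_read": "T1081",  # Credentials in Files
    "wallet_access": "T1005",         # Data from Local System
    "uninstall_enum": "T1012",        # Query Registry
}


def classify_event(ev: dict):
    """Map one event to a behaviour label, or None if it is uninteresting.

    Event shape (assumed): {"image": <full exe path>, "event": "file_read" |
    "reg_query", "target": <file path or registry key>}.
    """
    image = ev["image"].rsplit("\\", 1)[-1].lower()
    target = ev["target"]
    if ev["event"] == "file_read":
        if BROWSER_RE.search(target) and image not in BROWSER_IMAGES:
            return "browser_profile_read"
        if WALLET_RE.search(target):
            return "wallet_access"
    elif ev["event"] == "reg_query" and UNINSTALL_RE.match(target):
        return "uninstall_enum"
    return None


def assess(events) -> dict:
    """Group behaviours per process and flag stealer-like combinations.

    Reading the Uninstall key alone is common (installers, inventory agents),
    so it only raises the verdict when the same process also touches browser
    credential stores or wallet files.
    """
    per_proc = defaultdict(set)
    for ev in events:
        label = classify_event(ev)
        if label:
            per_proc[ev["image"]].add(label)
    report = {}
    for image, labels in per_proc.items():
        harvesting = labels & {"browser_profile_read", "wallet_access"}
        if harvesting and "uninstall_enum" in labels:
            verdict = "stealer-like"
        elif harvesting:
            verdict = "suspicious"
        else:
            verdict = "low"
        report[image] = {
            "verdict": verdict,
            "techniques": sorted(TECHNIQUES[l] for l in labels),
        }
    return report


# Constructed events for the demonstration; not taken from the sandbox run.
STEALER = r"C:\Users\u\AppData\Local\Temp\setup.exe"
SAMPLE_EVENTS = [
    {"image": STEALER, "event": "reg_query",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"image": STEALER, "event": "file_read",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": STEALER, "event": "file_read",
     "target": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "event": "file_read",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Windows\System32\msiexec.exe", "event": "reg_query",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
]

if __name__ == "__main__":
    for image, result in assess(SAMPLE_EVENTS).items():
        print(image, result["verdict"], ",".join(result["techniques"]))
```

On the constructed events the temp-directory executable is rated stealer-like with T1005, T1012 and T1081, chrome.exe reading its own Login Data produces nothing, and msiexec's Uninstall key read is reported at low severity only.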

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (2 hits)

  • Discovery: Query Registry, T1012 (2 hits)

  • Discovery: System Information Discovery, T1082 (2 hits)

  • Collection: Data from Local System, T1005 (2 hits)

These IDs follow ATT&CK v6. T1081 was deprecated in later ATT&CK versions and its content moved to T1552.001 (Unsecured Credentials: Credentials In Files); T1012, T1082 and T1005 keep their IDs.

Tasks