General

  • Target

    0113a890e1d33a4bc9639166fbd8433606a791e72afd9c9216277c398bb2fb3c

  • Size

    360KB

  • Sample

    220128-ftmydafhdk

  • MD5

    b903bb4307cad6623819c21922a6acc3

  • SHA1

    1ee4bbb6aa4f9a4f80d763648b15fff1d0baa30a

  • SHA256

    0113a890e1d33a4bc9639166fbd8433606a791e72afd9c9216277c398bb2fb3c

  • SHA512

    ca19f1b118fae6a8c08266286154521b47e546726f6ae83ee277aeca006fdc8f311b80502b9f778c5209b7d69aed0d669d1b611dfc6afa2658a7f2ed8fda1dbf

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://coin-file-file-19.com/tratata.php

Targets

    • Target

      0113a890e1d33a4bc9639166fbd8433606a791e72afd9c9216277c398bb2fb3c

    • Size

      360KB

    • MD5

      b903bb4307cad6623819c21922a6acc3

    • SHA1

      1ee4bbb6aa4f9a4f80d763648b15fff1d0baa30a

    • SHA256

      0113a890e1d33a4bc9639166fbd8433606a791e72afd9c9216277c398bb2fb3c

    • SHA512

      ca19f1b118fae6a8c08266286154521b47e546726f6ae83ee277aeca006fdc8f311b80502b9f778c5209b7d69aed0d669d1b611dfc6afa2658a7f2ed8fda1dbf

    • Arkei

      Arkei is an infostealer written in C++.

    • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

    • Arkei Stealer Payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

    Tactic              Technique                       ID      Count
    Credential Access   Credentials in Files            T1081   2
    Discovery           Query Registry                  T1012   2
    Discovery           System Information Discovery    T1082   2
    Collection          Data from Local System          T1005   2

Tasks