d091c9fd860e28efe49539e608cfd08e35fdb735daf396d3ca9b492cc239c0bc

General

Target: d091c9fd860e28efe49539e608cfd08e35fdb735daf396d3ca9b492cc239c0bc
Size: 355KB
Sample: 220128-qgp73sdbbj
Score: 10/10
MD5: ea20ae4d3b5424305128525583c1b453
SHA1: 546c0747c34b109aeafd6565b0cc95bae5f1f432
SHA256: d091c9fd860e28efe49539e608cfd08e35fdb735daf396d3ca9b492cc239c0bc
SHA512: e42b3f91f8cc7586016a9645a5e615b7c2b84633d6e7bfc364c64f9a193edb747c4b5e5b109ca8b9d3aacbf7b544e29076fc4c44878aee80cb0cf414549d223c

Malware Config

Extracted

Family: arkei
Botnet: Default
C2: http://coin-file-file-19.com/tratata.php

Signatures

  • Arkei

    Description: Arkei is an infostealer written in C++.

  • suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

  • Arkei Stealer Payload

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs: Data from Local System, Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs: Data from Local System, Credentials in Files

  • Checks installed software on the system

    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs: Query Registry
