arkei | 1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f | Triage

Submit
Reports

Overview

overview

Static

static

1ac7892dbd...2f.exe

windows7_x64

7

1ac7892dbd...2f.exe

windows10-2004_x64

Sharing

General

Target

1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f.bin
Size

93KB
Sample

220204-rbkabaahbk
MD5

68958ce8e51a4b8dd6ff8b8a57515be2
SHA1

d88289eab220b4d8e3dbe4f9f2ce3539105d3c4a
SHA256

1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f
SHA512

a3b858721fb2060bf413edf4a893a8d6e860857225bad60d7c3a5be57f672f63d71582d30ace1ed881c57ef6d47a2f196c2b2c135cb4ce86d4015332585484b4

Score

10^/10

arkei marsstealer persistence spyware stealer

Static task

static1

stealer arkei marsstealer

Behavioral task

behavioral1

Sample

1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f.exe

Resource

win7-en-20211208

spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f.exe

Resource

win10v2004-en-20220112

persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

marsstealer

C2

http://195124.prohoster.biz/pool.php

Targets

- Target
  
  1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f.bin
- Size
  
  93KB
- MD5
  
  68958ce8e51a4b8dd6ff8b8a57515be2
- SHA1
  
  d88289eab220b4d8e3dbe4f9f2ce3539105d3c4a
- SHA256
  
  1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f
- SHA512
  
  a3b858721fb2060bf413edf4a893a8d6e860857225bad60d7c3a5be57f672f63d71582d30ace1ed881c57ef6d47a2f196c2b2c135cb4ce86d4015332585484b4
Score

10^/10

spyware stealer persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

stealerarkeimarsstealer

behavioral1

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy