General

  • Target

    2ba0f24b947a266b0cc27837455123e7321619f2bbe7f18c1affad896e86f445

  • Size

    271KB

  • Sample

    220419-jsr3gsadaj

  • MD5

    48460445f790dc9aa302537a7b02a39b

  • SHA1

    7692c47b292ca99f9a32af8be16e5cbcce24c760

  • SHA256

    2ba0f24b947a266b0cc27837455123e7321619f2bbe7f18c1affad896e86f445

  • SHA512

    b9986bd41fcd2624ce28bcf8f93277b92b95bf5cd288389d16d1e4853d250106a8703be8faaa37cb5011d188aba3d7ad836fd68a044a327fe786381a133fe000

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://jsdkci.link/588711.php

Targets

    • Arkei

      Arkei is an infostealer written in C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks