General

  • Target

    9451a9fb9fb23f81beaecbaad8e174b8.exe

  • Size

    159KB

  • Sample

    220508-h2m98adfal

  • MD5

    9451a9fb9fb23f81beaecbaad8e174b8

  • SHA1

    ebde6475ca62c6f1eb909eded69e108e3ada83fa

  • SHA256

    27223530f9da259a9f2318b525399a30f5656ca4d2951d76af8039484d8f3e74

  • SHA512

    b631fd9600d2eaa01cd7aafc128084da23e0cbd2a8899c9bc31a950899134479ca6f0139211fe134da89de8520706a22ac68393bdf5f0ef3d99710a70ed11cd4

Malware Config

Extracted

  • Family

    arkei

  • Botnet

    Default

Targets

    • Target

      9451a9fb9fb23f81beaecbaad8e174b8.exe

    • Size

      159KB

    • MD5

      9451a9fb9fb23f81beaecbaad8e174b8

    • SHA1

      ebde6475ca62c6f1eb909eded69e108e3ada83fa

    • SHA256

      27223530f9da259a9f2318b525399a30f5656ca4d2951d76af8039484d8f3e74

    • SHA512

      b631fd9600d2eaa01cd7aafc128084da23e0cbd2a8899c9bc31a950899134479ca6f0139211fe134da89de8520706a22ac68393bdf5f0ef3d99710a70ed11cd4

    • Arkei

      Arkei is an infostealer written in C++.

    • suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks