General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.10738.4071
-
Size
603KB
-
Sample
220520-2kbdwafea9
-
MD5
266895bb6352da2e1dfdda8bdabfc019
-
SHA1
552cf2dac80d8f1fe6a63d274cc76935144d736e
-
SHA256
599d2de17faf8e2ff99da2234a42b53192e18f49bccc1c11104da6d60279585e
-
SHA512
25b8084b96591127547f3495d32419de4dc9ab644e58eb454f3a0708c5134857da4f3e7bc11a0a6217a3e8178011a35d435a55fd0ef12db85162a27f55dd4345
Malware Config
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.10738.4071
-
Size
603KB
-
MD5
266895bb6352da2e1dfdda8bdabfc019
-
SHA1
552cf2dac80d8f1fe6a63d274cc76935144d736e
-
SHA256
599d2de17faf8e2ff99da2234a42b53192e18f49bccc1c11104da6d60279585e
-
SHA512
25b8084b96591127547f3495d32419de4dc9ab644e58eb454f3a0708c5134857da4f3e7bc11a0a6217a3e8178011a35d435a55fd0ef12db85162a27f55dd4345
Score10/10-
Arkei
Arkei is an infostealer written in C++.
-
suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-