Overview

overview

10

Static

static

asdfg.exe

windows7_x64

10

asdfg.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    124s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    25-05-2022 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    asdfg.exe

  • Size

    100KB

  • MD5

    c7a310982da68b10360854f9cd78e718

  • SHA1

    60140c28e0b7db797a771c2dee081fa3812246db

  • SHA256

    df4876573295b4e7beb618db31a015ea617f61b811978bb168d432c4052f7731

  • SHA512

    6747fa3f7637922eeaa0feeb25d430dc6ab66fd9f3d22e7e5fd16bad9b75528a8174c34a8baf681950b64e8cdaa6a14e37633592e843c363e75468622ebd2ec3

Score
10/10
arkeidefaultstealersuricata

Malware Config

Extracted

Family

arkei

Botnet

Default

Signatures

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei
  • suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4

    suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4

    suricata
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\asdfg.exe
    "C:\Users\Admin\AppData\Local\Temp\asdfg.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      2⤵
        PID:1324

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/884-54-0x0000000000140000-0x000000000015E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/884-55-0x0000000075941000-0x0000000075943000-memory.dmp

      Filesize

      8KB

      Download

    • memory/884-56-0x00000000087A0000-0x0000000008904000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/884-57-0x0000000005B50000-0x0000000005B98000-memory.dmp

      Filesize

      288KB

      Download

    • memory/1324-58-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/1324-59-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/1324-61-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/1324-63-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/1324-64-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/1324-66-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/1324-67-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/1324-70-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/1324-71-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download