Extracted

Extracted

• • Target

    df4876573295b4e7beb618db31a015ea617f61b811978bb168d432c4052f7731.exe

  • Size

    100KB

  • MD5

    c7a310982da68b10360854f9cd78e718

  • SHA1

    60140c28e0b7db797a771c2dee081fa3812246db

  • SHA256

    df4876573295b4e7beb618db31a015ea617f61b811978bb168d432c4052f7731

  • SHA512

    6747fa3f7637922eeaa0feeb25d430dc6ab66fd9f3d22e7e5fd16bad9b75528a8174c34a8baf681950b64e8cdaa6a14e37633592e843c363e75468622ebd2ec3

  Score

  10^/10

  arkeiazorultdefaultinfostealerpersistencespywarestealersuricatatrojan

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4

    suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4

    suricata

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata

  • suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M5

    suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M5

    suricata

  • suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil

    suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil

    suricata

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2