General

  • Target

    MIXONE.file

  • Size

    268KB

  • Sample

    220609-r3hkssddh2

  • MD5

    27dc719db81a482a554dfa94992c53fe

  • SHA1

    61ab59cc71f745afa1c4668ffba8253b4b2b52d6

  • SHA256

    90c0e76b7fee7b989428081fb1a754f45c3c0bee42131a03dbb1450d370dd793

  • SHA512

    9ef986d23b4b9a3dc7d4eb0f1c5f819fb41938df35c512ec57fdfda49be2c58a7ad503165f3475d93f470b2bbd1afc1bddff56ba2139f3706643b01056514c95

Malware Config

Extracted

  • Family

    arkei

  • Botnet

    Default

Targets

    • Target

      MIXONE.file

    • Size

      268KB

    • MD5

      27dc719db81a482a554dfa94992c53fe

    • SHA1

      61ab59cc71f745afa1c4668ffba8253b4b2b52d6

    • SHA256

      90c0e76b7fee7b989428081fb1a754f45c3c0bee42131a03dbb1450d370dd793

    • SHA512

      9ef986d23b4b9a3dc7d4eb0f1c5f819fb41938df35c512ec57fdfda49be2c58a7ad503165f3475d93f470b2bbd1afc1bddff56ba2139f3706643b01056514c95

    • Arkei

      Arkei is an infostealer written in C++.

    • suricata: ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)

      Emerging Threats network signature for the initial HTTP GET to the C2. Vidar and Mars Stealer share the Arkei code base, so the rules written for them also fire on Arkei traffic; a match here is not by itself evidence of which variant is running.

    • suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil

      Emerging Threats network signature for the POST that uploads the collected data to the C2.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the stealer can refuse to run in certain regions.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser profile data, which can include saved credentials, cookies and autofill/form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
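The registry and file-access behaviours above can be reproduced from a sandbox or Sysmon-style access trace. The script below is an added example, not the sandbox's own signature logic or anything from the sample: it takes a trace of one access per line (`<operation> <path>`, a constructed format), matches the paths against patterns for the four behaviours the report lists, and maps each hit to the ATT&CK v6 IDs from the matrix below. The registry keys, file paths and the behaviour-to-technique mapping are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Behaviour (worded as in the report) -> (ATT&CK v6 IDs it contributes to,
# regexes over the accessed registry key or file path). Both the mapping and
# the paths are assumptions for this example, not the sandbox's definitions.
SIGNATURES = {
    "Checks computer location settings": (
        ("T1082",),
        (r"\\Control\\Nls\\Locale", r"\\Control Panel\\International"),
    ),
    "Checks installed software on the system": (
        ("T1012", "T1082"),
        (r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",),
    ),
    "Reads user/profile data of web browsers": (
        ("T1081", "T1005"),
        (r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$",
         r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$"),
    ),
    "Accesses cryptocurrency files/wallets": (
        ("T1081", "T1005"),
        (r"\\AppData\\Roaming\\Exodus\\", r"\\Electrum\\wallets\\", r"\\wallet\.dat$"),
    ),
}

# One access per line: "<operation> <path>". The operation name is kept only
# for readability; classification is done on the path.
LINE_RE = re.compile(r"^(?P<op>[A-Za-z]+)\s+(?P<path>\S.*)$")

# Constructed trace for this example (not captured from the real sample).
SAMPLE_TRACE = r"""
RegQueryValue  HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
RegEnumKey     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
RegEnumKey     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
RegQueryValue  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive
CreateFile     C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
CreateFile     C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco
CreateFile     C:\Users\user\AppData\Local\Temp\tmp1.dat
"""


def classify(trace_text):
    """Return {behaviour: sorted list of paths that triggered it}.

    A path that matches no signature is ignored; a behaviour absent from the
    result did not fire.
    """
    hits = defaultdict(set)
    for raw in trace_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        for name, (_, patterns) in SIGNATURES.items():
            if any(re.search(p, path, re.IGNORECASE) for p in patterns):
                hits[name].add(path)
    return {name: sorted(paths) for name, paths in hits.items()}


def attack_ids(hits):
    """Sorted union of the technique IDs for every behaviour that fired."""
    ids = set()
    for name in hits:
        ids.update(SIGNATURES[name][0])
    return sorted(ids)


if __name__ == "__main__":
    found = classify(SAMPLE_TRACE)
    for name, paths in found.items():
        print(f"[{name}]")
        for p in paths:
            print("    ", p)
    print("ATT&CK:", ", ".join(attack_ids(found)))
```

Run against the constructed trace, all four behaviours fire and the technique set comes out as T1005, T1012, T1081, T1082, the same four IDs the report's matrix lists; the unrelated Run-key and Temp-file accesses are ignored. The patterns are deliberately narrow (specific browser database names, specific wallet directories) so that ordinary software that happens to read locale settings does not trigger the geofence behaviour on its own.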

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      Count  ID
  Credential Access  Credentials in Files           2      T1081
  Discovery          Query Registry                 3      T1012
  Discovery          System Information Discovery   3      T1082
  Collection         Data from Local System         2      T1005
