General

  • Target

    3ad16c5735e6497666415d0621736d71b66e624beb012d06bf9fda66b09cdcff.zip

  • Size

    187KB

  • Sample

    220614-sjwtrafabl

  • MD5

    3a9de1833e97b92fe8d26cd22f8fffda

  • SHA1

    f1eb13e967bb23ba4d90668d9d9a95e2d4020256

  • SHA256

    ca04e632b0e2ef491d02caa978fbdb29df1a956eac5cd434df6f85286b389f80

  • SHA512

    8616bf6418251edbe7af333edfd470cf976252e64c0478be3f9359cb9c91bd3701947cba0a4ba3b2e94c229b81de2d85fb34247c08361a77c644a24105fb02b1

Malware Config

Extracted

Family

arkei

Botnet

Default

Targets

    • Target

      3ad16c5735e6497666415d0621736d71b66e624beb012d06bf9fda66b09cdcff

    • Size

      298KB

    • MD5

      9c7bd483a0404af97cbf390fddb9c281

    • SHA1

      e2371b4388c2782566b80c93044810738b62f2a0

    • SHA256

      3ad16c5735e6497666415d0621736d71b66e624beb012d06bf9fda66b09cdcff

    • SHA512

      aa2a1191cf72fe731b563ee3cf8b5f8b932ecefd60a8ab2fa5412a93e8f4e554955af5d1f05593daf7cff2caea4fc801d133ba703a4faee8cdde6c47c4e0a564

    • Arkei

      Arkei is an infostealer written in C++.

    • suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common way to redirect execution into injected code (process hollowing / injection).
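The registry and file-access signatures above (country-code lookup, Uninstall key enumeration, browser profile reads, wallet file access) can be reproduced from a Procmon CSV export. The script below is an added example written for this page, not the sandbox's own detection logic. The registry values and file names it looks for, and the mapping of each signature to the ATT&CK techniques the report lists, are the editor's assumptions; the CSV rows are constructed, not taken from this sample's trace.

```python
"""Classify Procmon-style events into the behaviour signatures from the report.

Added example for this page; not the sandbox's own detection code. Registry
paths, file names and the technique mapping are assumptions, not facts
extracted from the sample.
"""
import csv
import io
import re
from collections import defaultdict

# (signature name, ATT&CK techniques assumed for it, regex on the event path)
RULES = [
    ("Checks computer location settings", ("T1012", "T1082"),
     # assumed: country/locale settings live under HKCU\Control Panel\International
     re.compile(r"HKCU\\Control Panel\\International\\(Geo\\Nation|LocaleName|sCountry)$", re.I)),
    ("Checks installed software on the system", ("T1012", "T1082"),
     # assumed: installed-software enumeration walks the Uninstall key
     re.compile(r"HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    ("Reads user/profile data of web browsers", ("T1081", "T1005"),
     # assumed: Chromium-style profile databases
     re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$", re.I)),
    ("Accesses cryptocurrency files/wallets", ("T1081", "T1005"),
     # assumed wallet locations for a few common clients
     re.compile(r"\\(wallet\.dat|Exodus\\exodus\.wallet|Electrum\\wallets)\b", re.I)),
]

# Constructed Procmon CSV export (subset of columns); not from this sample's trace.
SAMPLE_CSV = """Process Name,PID,Operation,Path,Result
sample.exe,1234,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS
sample.exe,1234,RegEnumKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip,SUCCESS
sample.exe,1234,RegEnumKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome,SUCCESS
sample.exe,1234,CreateFile,C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data,SUCCESS
sample.exe,1234,CreateFile,C:\\Users\\u\\AppData\\Roaming\\Bitcoin\\wallet.dat,NAME NOT FOUND
explorer.exe,880,RegQueryValue,HKCU\\Control Panel\\International\\LocaleName,SUCCESS
"""


def classify_events(csv_text, process=None):
    """Return {signature: [(operation, path, result), ...]} for matching events.

    Events are matched on the path regardless of Result: a NAME NOT FOUND on a
    wallet path still shows intent, so the result is kept for the analyst
    rather than used as a filter. `process` restricts matching to one image name.
    """
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if process and row["Process Name"].lower() != process.lower():
            continue
        for name, _techniques, pattern in RULES:
            if pattern.search(row["Path"]):
                hits[name].append((row["Operation"], row["Path"], row["Result"]))
                break  # first matching rule wins; rules are mutually exclusive here
    return dict(hits)


def attack_techniques(hits):
    """Union of the ATT&CK technique IDs assumed for the signatures that fired."""
    return {t for name, techniques, _ in RULES if name in hits for t in techniques}


if __name__ == "__main__":
    found = classify_events(SAMPLE_CSV, process="sample.exe")
    for name, events in found.items():
        print(f"{name}: {len(events)} event(s)")
        for op, path, result in events:
            print(f"    {op:<14} {path}  [{result}]")
    print("techniques:", sorted(attack_techniques(found)))
```

Run it against a real Procmon export (File > Save as CSV with the same columns) and pass the sample's image name as `process`; explorer.exe reading LocaleName in the constructed data shows why filtering on the process matters, since the locale lookup alone is normal Windows behaviour.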

MITRE ATT&CK Matrix (ATT&CK v6; the number after each technique is the count of matched signatures)

  • Credential Access: Credentials in Files (T1081), 2

    T1081 is a v6 ID; later ATT&CK versions fold it into T1552.001 (Unsecured Credentials: Credentials In Files).

  • Discovery: Query Registry (T1012), 3

  • Discovery: System Information Discovery (T1082), 3

  • Collection: Data from Local System (T1005), 2