Extracted

Extracted

Extracted

• • Target

    a28b0824e48b4ca32608126458bd5d345015cd5c2e380d479d7e43d72611fcc3

  • Size

    1.9MB

  • MD5

    b0b47d69cc54b277235b470ba486c710

  • SHA1

    c7f46aba6a3c8b929f322585dc162ae98129221d

  • SHA256

    a28b0824e48b4ca32608126458bd5d345015cd5c2e380d479d7e43d72611fcc3

  • SHA512

    5565c09d98017f3eb1065bbd1c3d7870a41e29597ed17f39eaebabc4cd1ee7255ef817a15643cc32ededacebfdeee4ebf7bcc5f08cfa55b50c48cf3e40392d9a

  Score

  10^/10

  arkeirecordbreakerdefaultdiscoveryspywarestealersuricata

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei

  • RecordBreaker

    RecordBreaker is an information stealer capable of downloading and executing secondary payloads written in C++.

    stealerrecordbreaker

  • suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4

    suricata: ET MALWARE Base64 Encoded Stealer Config from Server - APPDATA or USERPROFILE Environment Variable M4

    suricata

  • suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil

    suricata: ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil

    suricata

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2