Overview

overview

10

Static

static

SecuriteIn...78.exe

windows7-x64

10

SecuriteIn...78.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.W32.AIDetect.malware2.15478.27881

  • Size

    614KB

  • Sample

    220719-1g2k8aefcm

  • MD5

    453b2f78f4e8e4791eee51b41e6b089d

  • SHA1

    3a27b5cfd0ced45acfad15d2a2abaa43aa003601

  • SHA256

    9af1bf846615baac47c6ca38ea7d960a5fbab1f840d51514ed69ed487c2a599b

  • SHA512

    c3cd664c1bc12e0699555ce7952c6088c92e31c335aefc906418b87344981f5c4cdba0133344fa71bf0f2037ca7768975ad9b06901e99178926a2f0196665e9a

Score
10/10
arkeiguloaderdefaultdownloaderspywarestealer

Malware Config

Extracted

Family

arkei

Botnet

Default

Targets

    • Target

      SecuriteInfo.com.W32.AIDetect.malware2.15478.27881

    • Size

      614KB

    • MD5

      453b2f78f4e8e4791eee51b41e6b089d

    • SHA1

      3a27b5cfd0ced45acfad15d2a2abaa43aa003601

    • SHA256

      9af1bf846615baac47c6ca38ea7d960a5fbab1f840d51514ed69ed487c2a599b

    • SHA512

      c3cd664c1bc12e0699555ce7952c6088c92e31c335aefc906418b87344981f5c4cdba0133344fa71bf0f2037ca7768975ad9b06901e99178926a2f0196665e9a

    Score
    10/10
    arkeiguloaderdefaultdownloaderspywarestealer

    • Arkei

      Arkei is an infostealer written in C++.

      stealerarkei

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks