Overview

overview

10

Static

static

185.4.65.2...6a.exe

windows7-x64

10

185.4.65.2...6a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    79s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-07-2022 09:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exe

  • Size

    159KB

  • MD5

    b78436c8bdcd14b81c4a828651ef8f6a

  • SHA1

    bee132bfbb59e41b02dd0fbd65ba3eba2a3a5c17

  • SHA256

    f5d6e5e4b06d5597f705053b15db15b8cbcb33c40c5437cda4d90af430a218fa

  • SHA512

    9b7db48478eee118b708cd34d4e0755705e5437c476fc2c73875ec72582a93a657b6779808d36f7a358272d262048605a5b56809c6b32800dcf7e0ca493d413a

Score
10/10
arkeidefaultdiscoveryspywarestealer

Malware Config

Extracted

Family

arkei

Botnet

Default

Signatures

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exe
    "C:\Users\Admin\AppData\Local\Temp\185.4.65.203_-_update.exe___b78436c8bdcd14b81c4a828651ef8f6a.exe"
    1⤵
    • Loads dropped DLL
    • Checks processor information in registry
    PID:4684

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\mozglue.dll
    Filesize

    133KB

    MD5

    8f73c08a9660691143661bf7332c3c27

    SHA1

    37fa65dd737c50fda710fdbde89e51374d0c204a

    SHA256

    3fe6b1c54b8cf28f571e0c5d6636b4069a8ab00b4f11dd842cfec00691d0c9cd

    SHA512

    0042ecf9b3571bb5eba2de893e8b2371df18f7c5a589f52ee66e4bfbaa15a5b8b7cc6a155792aaa8988528c27196896d5e82e1751c998bacea0d92395f66ad89

    Download Submit
  • C:\ProgramData\nss3.dll
    Filesize

    1.2MB

    MD5

    bfac4e3c5908856ba17d41edcd455a51

    SHA1

    8eec7e888767aa9e4cca8ff246eb2aacb9170428

    SHA256

    e2935b5b28550d47dc971f456d6961f20d1633b4892998750140e0eaa9ae9d78

    SHA512

    2565bab776c4d732ffb1f9b415992a4c65b81bcd644a9a1df1333a269e322925fc1df4f76913463296efd7c88ef194c3056de2f1ca1357d7b5fe5ff0da877a66

    Download Submit
  • memory/4684-130-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/4684-131-0x0000000060900000-0x0000000060992000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4684-152-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize

    244KB

    Download