General

  • Target

    InstallerNPW.zip

  • Size

    940KB

  • Sample

    221024-k8fvtsfhap

  • MD5

    62f3006f820e9a618f23257e8d693697

  • SHA1

    b5550d565e41bd4e32e3829f77ab378495c8c751

  • SHA256

    50dec188746b9f3e72fe1effd96444eb8ed1b74ae86dc923ab55734b73dbbd6b

  • SHA512

    335894b22e4e66bba765b4e4cd68d06d00a810d4a5aa2518a23ae2ab4d8d06cbbaabdad7f74922034bbe64bd2b691f3f93521f7f7d28657a9c483f920ae1245b

  • SSDEEP

    6144:I+aGQRgl8TYoyJgBCinXQ3cnxsvuSw0SEG+Ak29lHMpuU5u:I9GEUoyJe+cnxsvuSwrZFkWspM

Malware Config

  • Extracted

    Family: arkei
    Botnet: Default

  • Extracted

    Family: marsstealer
    Botnet: Default
    C2: 46.3.197.98/hsdf7w34rhdjsf.php

Targets

    • Target

      InstallerNPW.exe

    • Size

      505.1MB

    • MD5

      a7181bdf496d2c79b321f14de2598680

    • SHA1

      c4f30ccc90fe2a4c392a8c7f665b831c04757553

    • SHA256

      5390a252d7d09aa1a46aca97c8fd9642adac289a6a33d9fc6d3eb1b3f5c0194d

    • SHA512

      a94a43eb45f30d8cfe1144c90d642480d93100cea6c77f693d25318abc98a30a279a443da5fe67e4356922ae7be651d0775361742b16cc0232c6c7c1c4f58bbe

    • SSDEEP

      6144:gCFtTT32Sw1eIKWgpxAOzuuXUXs/nEcYY6rpohYxNJgIzMfKkve4uQLl8+:dHT32SwAguXUc/nr6rDxzUSyPLq+

    • Arkei

      Arkei is an infostealer written in C++.

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

    • Suspicious use of SetThreadContext
