Overview

overview

10

Static

static

3

bffa608e60...0a.exe

windows7-x64

10

bffa608e60...0a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bffa608e609a6e2f67d01bb5f64ba70a.exe

  • Size

    2.6MB

  • Sample

    231216-vt9vgacchp

  • MD5

    bffa608e609a6e2f67d01bb5f64ba70a

  • SHA1

    dfc31151b6886f6a0e18c6a564f766591772b78f

  • SHA256

    27c43e0863d1f53297dc16f09626d956c6f86cf3285bbd8eb8488eccb564fa66

  • SHA512

    4936cea91c0d0cfbba73d0a62fb31c3cf4f915611c031f358bb9f86fceeed8318d25b3b2e9785bed7a77d3c4093a48b8d58a01520190fa6fd30a2d27276863b7

  • SSDEEP

    12288:ljT1qos+lTLzwN9RYIA17At7y7qP7d1JHywHS38hy:+UlyYIApAxyGd1JSgS3my

Score
10/10
arkeimarsstealerdefaultspywarestealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

91.92.250.149/gate.php

Extracted

Family

arkei

Botnet

Default

Targets

    • Target

      bffa608e609a6e2f67d01bb5f64ba70a.exe

    • Size

      2.6MB

    • MD5

      bffa608e609a6e2f67d01bb5f64ba70a

    • SHA1

      dfc31151b6886f6a0e18c6a564f766591772b78f

    • SHA256

      27c43e0863d1f53297dc16f09626d956c6f86cf3285bbd8eb8488eccb564fa66

    • SHA512

      4936cea91c0d0cfbba73d0a62fb31c3cf4f915611c031f358bb9f86fceeed8318d25b3b2e9785bed7a77d3c4093a48b8d58a01520190fa6fd30a2d27276863b7

    • SSDEEP

      12288:ljT1qos+lTLzwN9RYIA17At7y7qP7d1JHywHS38hy:+UlyYIApAxyGd1JSgS3my

    Score
    10/10
    arkeimarsstealerdefaultspywarestealer

    • Arkei

      Arkei is an infostealer written in C++.

      stealerarkei

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

      stealermarsstealer

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks