General

  • Target

    ba57961b45dd5c9e72197ce0c81b3ecb1dc4b51295790fa0b73822291217bede.exe

  • Size

    288KB

  • Sample

    240725-gd5nxsvckd

  • MD5

    cf7cb7a8070ac0ef36c77a03b5633cd0

  • SHA1

    b4dd503ca58eb28a68e211ed625e190242a89d6c

  • SHA256

    ba57961b45dd5c9e72197ce0c81b3ecb1dc4b51295790fa0b73822291217bede

  • SHA512

    8f3ae92fe3439df011f63e3e1fbd4c5588fca15854a8f00b3f7c35d3de6851a6bd1fa7f6f4872cffaee1edc853d621211576e753a3c75e1369e5640a30b2ae5c

  • SSDEEP

    3072:Tgaq4w5DZjczpico2kC1covqOHjYEb12JjkPBc5bzIEi2l6GCH:XP+jPcrkC1coSOVbIJjAYJtp

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

coin-file-file-19.com/tratata.php

Targets

    • Target

      ba57961b45dd5c9e72197ce0c81b3ecb1dc4b51295790fa0b73822291217bede.exe

    • Size

      288KB

    • MD5

      cf7cb7a8070ac0ef36c77a03b5633cd0

    • SHA1

      b4dd503ca58eb28a68e211ed625e190242a89d6c

    • SHA256

      ba57961b45dd5c9e72197ce0c81b3ecb1dc4b51295790fa0b73822291217bede

    • SHA512

      8f3ae92fe3439df011f63e3e1fbd4c5588fca15854a8f00b3f7c35d3de6851a6bd1fa7f6f4872cffaee1edc853d621211576e753a3c75e1369e5640a30b2ae5c

    • SSDEEP

      3072:Tgaq4w5DZjczpico2kC1covqOHjYEb12JjkPBc5bzIEi2l6GCH:XP+jPcrkC1coSOVbIJjAYJtp

    • Arkei

      Arkei is an infostealer written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks