General
-
Target
311476e365e80b02b44b55ddcf5865c4.exe
-
Size
68KB
-
Sample
240824-kyv7rssepa
-
MD5
311476e365e80b02b44b55ddcf5865c4
-
SHA1
d6fd497eb25234c77b2e8f672e292b5f9f760550
-
SHA256
a1e0a1c53824bb1d9d0adcaa6a8e8e2f5bef673b0981807a5775a182f28fe235
-
SHA512
70ff8f50b54df097a456689eed6c6218b2bb9d8c9e9f46c7b6e5a9dc5060eb331ba36f13cde252758b049f5b4ac498abf2d2b5c256edaf5dd7c777274e31b231
-
SSDEEP
1536:x2vMlMpCPJeGnyJDBld71oCe10yf0cCGMyo+JM4Z8L6Q3hs1:x2vMlMp8JeoyJDBlZycdGMyoYM+/D
Behavioral task
behavioral1
Sample
311476e365e80b02b44b55ddcf5865c4.exe
Resource
win7-20240708-en
Malware Config
Extracted
arkei
Default
Targets
-
-
Target
311476e365e80b02b44b55ddcf5865c4.exe
-
Size
68KB
-
MD5
311476e365e80b02b44b55ddcf5865c4
-
SHA1
d6fd497eb25234c77b2e8f672e292b5f9f760550
-
SHA256
a1e0a1c53824bb1d9d0adcaa6a8e8e2f5bef673b0981807a5775a182f28fe235
-
SHA512
70ff8f50b54df097a456689eed6c6218b2bb9d8c9e9f46c7b6e5a9dc5060eb331ba36f13cde252758b049f5b4ac498abf2d2b5c256edaf5dd7c777274e31b231
-
SSDEEP
1536:x2vMlMpCPJeGnyJDBld71oCe10yf0cCGMyo+JM4Z8L6Q3hs1:x2vMlMp8JeoyJDBlZycdGMyoYM+/D
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2