General
- Target: c9447adafcde36beae4a02d6c81c820d46e4fa9481e1b708b641b3a67c98d48c.exe
- Size: 453KB
- Sample: 240825-bxcvcsserr
- MD5: 1acc4c16687d848711a9980e6ae72e50
- SHA1: eadc3f132e62bc29e7db686a440e411384de3b58
- SHA256: c9447adafcde36beae4a02d6c81c820d46e4fa9481e1b708b641b3a67c98d48c
- SHA512: 9a744209cfd275a1e3dd8e11f1ec31335f7c4f789e4156a2e4c166b83741a6b7811a09cb7678f1bff28b5291f0dc7a254f70efecb3131ff954521c4a75408408
- SSDEEP: 12288:pOxPkPjQeqQ1Y53KR/WX+t4K5dKKVaGiL:nEeqQq3KZUMaGs
Static task: static1
Behavioral task: behavioral1
Sample: c9447adafcde36beae4a02d6c81c820d46e4fa9481e1b708b641b3a67c98d48c.exe
Resource: win7-20240704-en
Malware Config
Extracted: arkei (Default)
Targets
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to or copy of a web browser credential store.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 2
- Credentials In Files: 2