Description
Arkei is an infostealer written in C++.
1d95aa13e8ff0566509f3da609c06983d0b923ca2c3ef0b....zip
150KB
| Family | Field | Value |
|---|---|---|
| socelars | C2 | http://www.gianninidesign.com/ |
| redline | Botnet | udptest |
| redline | C2 | 193.56.146.64:65441 |
| vidar | Version | 48.5 |
| vidar | Botnet | 937 |
| vidar | C2 | https://koyu.space/@tttaj |
| vidar | Attributes | profile_id 937 |
| raccoon | Version | 1.8.3-hotfix |
| raccoon | Botnet | ddf183af4241e3172885cf1b2c4c1fb4ee03d05a |
| raccoon | Attributes | url4cnc http://91.219.236.27/capibar http://5.181.156.92/capibar http://91.219.236.207/capibar http://185.225.19.18/capibar http://91.219.237.227/capibar https://t.me/capibar |
| raccoon | rc4.plain | |
| metasploit | Version | windows/single_exec |
| smokeloader | Version | 2020 |
| smokeloader | C2 | http://host-file-host6.com/ http://host-host-file8.com/ |
| smokeloader | rc4.i32 | |
Setup.exe
312KB
Arkei is an infostealer written in C++.
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Simple but powerful infostealer which was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Modular backdoor trojan in use since 2014.
Socelars is an infostealer targeting browser cookies and credit card credentials.
Vidar is an infostealer based on Arkei stealer.
BIOS information is often read in order to detect sandboxing environments.
Looks up the country code configured in the registry, likely for geofencing.
Infostealers often target stored browser data, which can include saved credentials and similar secrets.
Detects Themida, an advanced Windows software protection system.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.
Uses a legitimate geolocation service to find the infected system's geolocation info.