Description
Arkei is an infostealer written in C++.
5617cf97967fc9377f8b775f52fe43c8c54f9cab67fa164f6f903d4ebe9b79c2
169KB
211119-xe9x2abcdl
bde64a1b356c3eacaf76a9a47893a816
5b34858d77fbf9b7e0037175a5448ca3e9466178
a2ba793d200318fd08344c8727fda1ed1427120206a274365495434316e131d05d98ea0d7e23e3b68bcae180fe86889f8727aa793e5a299355b9964212337eff
Family | smokeloader |
Version | 2020 |
C2 |
http://host-file-host6.com/ http://host-host-file8.com/ http://srtuiyhuali.at/ http://fufuiloirtu.com/ http://amogohuigotuli.at/ http://novohudosovu.com/ http://brutuilionust.com/ http://bubushkalioua.com/ http://dumuilistrati.at/ http://verboliatsiaeeees.com/ |
rc4.i32 |
|
rc4.i32 |
|
rc4.i32 |
|
rc4.i32 |
|
Family | redline |
C2 |
185.159.80.90:38637 |
Family | raccoon |
Version | 1.8.3-hotfix |
Botnet | ddf183af4241e3172885cf1b2c4c1fb4ee03d05a |
Attributes |
url4cnc http://91.219.236.27/capibar http://5.181.156.92/capibar http://91.219.236.207/capibar http://185.225.19.18/capibar http://91.219.237.227/capibar https://t.me/capibar |
rc4.plain |
|
rc4.plain |
|
Family | arkei |
Botnet | Default |
C2 |
http://file-file-host4.com/tratata.php |
Family | vidar |
Version | 48.6 |
Botnet | 706 |
C2 |
https://mastodon.online/@valhalla https://koyu.space/@valhalla |
Attributes |
profile_id 706 |
Family | redline |
Botnet | easymoneydontshiny |
C2 |
45.153.186.153:56675 |
Family | redline |
Botnet | Alex |
C2 |
178.238.8.72:49214 |
Family | redline |
Botnet | bot_tg |
C2 |
188.119.113.20:27724 |
Simple but powerful infostealer which was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Modular backdoor trojan in use since 2014.
Vidar is an infostealer based on Arkei stealer.
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
Infostealers often target stored browser data, which can include saved credentials etc.
Looks up Uninstall key entries in the registry to enumerate software on the system.