Description
Arkei is an infostealer written in C++.

Sample
SHA256 | 668319992e6622e37a5d7db425132fed7915d8a8478edcb9e856f0b8fac05f6c |
MD5 | 784b3a782f6b873d1b2dd84d3f970b9a |
SHA1 | f3a8abbb3f235980ae6cab913490dc4ee773b848 |
SHA512 | 72420b23c82a08599ca4400a9bb62521c230c7aa9d661496a24a1b4d1f4a530f506fb70bee782db8a4f3683c08057da93f550575385464304fa7be5ec35c4eb4 |
Size | 168KB |
Task ID | 211119-yyfnzaeea5 |
Extracted configurations

Family | smokeloader |
Version | 2020 |
C2 | http://host-file-host6.com/ |
C2 | http://host-host-file8.com/ |
C2 | http://srtuiyhuali.at/ |
C2 | http://fufuiloirtu.com/ |
C2 | http://amogohuigotuli.at/ |
C2 | http://novohudosovu.com/ |
C2 | http://brutuilionust.com/ |
C2 | http://bubushkalioua.com/ |
C2 | http://dumuilistrati.at/ |
C2 | http://verboliatsiaeeees.com/ |
rc4.i32 | |
rc4.i32 | |
rc4.i32 | |
rc4.i32 | |

Family | redline |
C2 | 185.159.80.90:38637 |

Family | raccoon |
Version | 1.8.3-hotfix |
Botnet | ddf183af4241e3172885cf1b2c4c1fb4ee03d05a |
Attributes |
url4cnc | http://91.219.236.27/capibar |
url4cnc | http://5.181.156.92/capibar |
url4cnc | http://91.219.236.207/capibar |
url4cnc | http://185.225.19.18/capibar |
url4cnc | http://91.219.237.227/capibar |
url4cnc | https://t.me/capibar |
rc4.plain | |
rc4.plain | |

Family | arkei |
Botnet | Default |
C2 | http://file-file-host4.com/tratata.php |

Family | vidar |
Version | 48.6 |
Botnet | 706 |
C2 | https://mastodon.online/@valhalla |
C2 | https://koyu.space/@valhalla |
Attributes |
profile_id | 706 |

Family | redline |
Botnet | easymoneydontshiny |
C2 | 45.153.186.153:56675 |
Families

Arkei | Arkei is an infostealer written in C++. |
Raccoon | Simple but powerful infostealer which was very active in 2019. |
RedLine | RedLine Stealer is a malware family written in C#, first appearing in early 2020. |
SmokeLoader | Modular backdoor trojan in use since 2014. |
Vidar | Vidar is an infostealer based on Arkei stealer. |

Signatures

BIOS information is often read in order to detect sandboxing environments.
Infostealers often target stored browser data, which can include saved credentials and similar secrets.
Detects Themida, an advanced Windows software protection system.
Looks up Uninstall key entries in the registry to enumerate software on the system.