Description
Arkei is an infostealer written in C++.
9e93213e249415159b0b616a4e1e6504
280KB
211120-j3whnacebl
9e93213e249415159b0b616a4e1e6504
4c5f8fdff30f48b5cd554dd5dfd94bf4f28bf51b
b1db9a17312d9287f7ca3c6763a7741b758b88481657479a6212aa23c535b48c
c6b198c776baad337e7473ab2eac778cdfa390eafd502fbf659863fc3cf972ffb685bd924c8ea6383fd6b5ae0f8f5f4b325a2864f8c46450e000c66e05c2dec1
Family | smokeloader |
Version | 2020 |
C2 |
http://host-file-host6.com/ http://host-host-file8.com/ http://srtuiyhuali.at/ http://fufuiloirtu.com/ http://amogohuigotuli.at/ http://novohudosovu.com/ http://brutuilionust.com/ http://bubushkalioua.com/ http://dumuilistrati.at/ http://verboliatsiaeeees.com/ |
rc4.i32 |
|
rc4.i32 |
|
rc4.i32 |
|
rc4.i32 |
|
Family | redline |
C2 |
185.159.80.90:38637 |
Family | raccoon |
Version | 1.8.3-hotfix |
Botnet | ddf183af4241e3172885cf1b2c4c1fb4ee03d05a |
Attributes |
url4cnc http://91.219.236.27/capibar http://5.181.156.92/capibar http://91.219.236.207/capibar http://185.225.19.18/capibar http://91.219.237.227/capibar https://t.me/capibar |
rc4.plain |
|
rc4.plain |
|
Family | arkei |
Botnet | Default |
C2 |
http://file-file-host4.com/tratata.php |
Family | raccoon |
Version | 1.8.3-hotfix |
Botnet | 59885c564847bf29ddd9457b81c619998245ba90 |
Attributes |
url4cnc http://91.219.236.27/opussenseus1 http://5.181.156.92/opussenseus1 http://91.219.236.207/opussenseus1 http://185.225.19.18/opussenseus1 http://91.219.237.227/opussenseus1 https://t.me/opussenseus1 |
rc4.plain |
|
rc4.plain |
|
Family | redline |
Botnet | Alex |
C2 |
178.238.8.72:49214 |
Family | redline |
Botnet | bot_tg |
C2 |
188.119.113.20:27724 |
Family | vidar |
Version | 48.6 |
Botnet | 706 |
C2 |
https://mastodon.online/@valhalla https://koyu.space/@valhalla |
Attributes |
profile_id 706 |
9e93213e249415159b0b616a4e1e6504
9e93213e249415159b0b616a4e1e6504
280KB
4c5f8fdff30f48b5cd554dd5dfd94bf4f28bf51b
b1db9a17312d9287f7ca3c6763a7741b758b88481657479a6212aa23c535b48c
c6b198c776baad337e7473ab2eac778cdfa390eafd502fbf659863fc3cf972ffb685bd924c8ea6383fd6b5ae0f8f5f4b325a2864f8c46450e000c66e05c2dec1
Arkei is an infostealer written in C++.
This typically indicates the parent process was compromised via an exploit or macro.
Simple but powerful infostealer which was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Modular backdoor trojan in use since 2014.
Vidar is an infostealer based on Arkei stealer.
suricata: ET MALWARE DCRAT Activity (GET)
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Infostealers often target stored browser data, which can include saved credentials etc.
Looks up Uninstall key entries in the registry to enumerate software on the system.