arkei | f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f
Size

319KB
Sample

211203-n4ad2abde6
MD5

24ff8d2f666e28dfee4bf3c0260d9b75
SHA1

f22d725a9c34f36a54b068fec6defd3fcb5e8f3a
SHA256

f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f
SHA512

aa9c3978e3c1b8c07eee112e0ebfbeb8291166adc5504f5236b10d159b95c54225a59df4f879192c765ea05a854f990f2f982c8eda079c368f33601dbfca76d2

Score

10^/10

arkei cryptbot redline smokeloader default backdoor infostealer spyware stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f.exe

Resource

win10-en-20211104

arkei cryptbot redline smokeloader default backdoor infostealer spyware stealer themida trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

http://srtuiyhuali.at/

http://fufuiloirtu.com/

http://amogohuigotuli.at/

http://novohudosovu.com/

http://brutuilionust.com/

http://bubushkalioua.com/

http://dumuilistrati.at/

http://verboliatsiaeeees.com/

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Extracted

Family

redline

C2

92.255.76.197:38637

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Targets

- Target
  
  f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f
- Size
  
  319KB
- MD5
  
  24ff8d2f666e28dfee4bf3c0260d9b75
- SHA1
  
  f22d725a9c34f36a54b068fec6defd3fcb5e8f3a
- SHA256
  
  f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f
- SHA512
  
  aa9c3978e3c1b8c07eee112e0ebfbeb8291166adc5504f5236b10d159b95c54225a59df4f879192c765ea05a854f990f2f982c8eda079c368f33601dbfca76d2
Score

10^/10

arkei cryptbot redline smokeloader default backdoor infostealer spyware stealer themida trojan
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeicryptbotredlinesmokeloaderdefaultbackdoorinfostealerspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy