Description
Arkei is an infostealer written in C++.
| Field | Value |
| --- | --- |
| Family | smokeloader |
| Version | 2020 |
| C2 | http://host-data-coin-11.com/ http://file-coin-host-12.com/ http://srtuiyhuali.at/ http://fufuiloirtu.com/ http://amogohuigotuli.at/ http://novohudosovu.com/ http://brutuilionust.com/ http://bubushkalioua.com/ http://dumuilistrati.at/ http://verboliatsiaeeees.com/ |
| Field | Value |
| --- | --- |
| Family | tofsee |
| C2 | parubey.info patmushta.info |
| Field | Value |
| --- | --- |
| Family | redline |
| Botnet | 1 |
| C2 | 86.107.197.138:38133 |
| Field | Value |
| --- | --- |
| Family | raccoon |
| Botnet | 10da56e7e71e97bdc1f36eb76813bbc3231de7e4 |
| Attributes | url4cnc: http://194.180.174.53/capibar http://91.219.236.18/capibar http://194.180.174.41/capibar http://91.219.236.148/capibar https://t.me/capibar |
Simple but powerful infostealer which was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Modular backdoor trojan in use since 2014.
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
Vidar is an infostealer based on Arkei stealer.
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
XMRig is a high performance, open source, cross platform CPU/GPU miner.
BIOS information is often read in order to detect sandboxing environments.
Infostealers often target stored browser data, which can include saved credentials etc.
Looks up Uninstall key entries in the registry to enumerate software on the system.