arkei | 9892f3f1d41d84ed558b9268de41b9a3f252b50c9a4d73c18ce7a9dd6dd78f76 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

9892f3f1d41d84ed558b9268de41b9a3f252b50c9a4d73c18ce7a9dd6dd78f76
Size

294KB
Sample

220118-k3pwjsadf8
MD5

54a3dfc84ff3a92eb7f51a2f6b36d25c
SHA1

9c618d3d30ff3a5883983899ac2601784e3324de
SHA256

9892f3f1d41d84ed558b9268de41b9a3f252b50c9a4d73c18ce7a9dd6dd78f76
SHA512

bc8e89ef7bae0c2be1005c5d7fec9a4dd03bb61c6c9f5e8b501f2bd0ed396a2bc66bb00be4ebbff056a38a0b78132617d8149fafb421305a8691572c5113aa94

Score

10^/10

arkei raccoon smokeloader 470193d69fd872b73819c5e70dc68242c10ccbce default backdoor discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

9892f3f1d41d84ed558b9268de41b9a3f252b50c9a4d73c18ce7a9dd6dd78f76.exe

Resource

win10-en-20211208

arkei raccoon smokeloader 470193d69fd872b73819c5e70dc68242c10ccbce default backdoor discovery spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Extracted

Family

raccoon

Version

1.8.5

Botnet

470193d69fd872b73819c5e70dc68242c10ccbce

Attributes

url4cnc
http://185.163.204.22/capibar
http://178.62.113.205/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Targets

- Target
  
  9892f3f1d41d84ed558b9268de41b9a3f252b50c9a4d73c18ce7a9dd6dd78f76
- Size
  
  294KB
- MD5
  
  54a3dfc84ff3a92eb7f51a2f6b36d25c
- SHA1
  
  9c618d3d30ff3a5883983899ac2601784e3324de
- SHA256
  
  9892f3f1d41d84ed558b9268de41b9a3f252b50c9a4d73c18ce7a9dd6dd78f76
- SHA512
  
  bc8e89ef7bae0c2be1005c5d7fec9a4dd03bb61c6c9f5e8b501f2bd0ed396a2bc66bb00be4ebbff056a38a0b78132617d8149fafb421305a8691572c5113aa94
Score

10^/10

arkei raccoon smokeloader 470193d69fd872b73819c5e70dc68242c10ccbce default backdoor discovery spyware stealer trojan
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeiraccoonsmokeloader470193d69fd872b73819c5e70dc68242c10ccbcedefaultbackdoordiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy