arkei | fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc
Size

284KB
Sample

220118-mxz6faage5
MD5

00a63db31b56e07a78302135ef563b39
SHA1

7e88a6d29c3111a6fc4b48e6581649c938882839
SHA256

fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc
SHA512

e7f0334b4d66cb1799668b3b7a3a31cb71397b8de1c77177e109a975826493cf91692eec87d8a0f4c532cb01d82fcc62528a8209e52a256aab9864c52045f5e5

Score

10^/10

arkei raccoon smokeloader 470193d69fd872b73819c5e70dc68242c10ccbce default backdoor discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc.exe

Resource

win10-en-20211208

arkei raccoon smokeloader 470193d69fd872b73819c5e70dc68242c10ccbce default backdoor discovery spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Extracted

Family

raccoon

Version

1.8.5

Botnet

470193d69fd872b73819c5e70dc68242c10ccbce

Attributes

url4cnc
http://185.163.204.22/capibar
http://178.62.113.205/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Extracted

Family

arkei

Botnet

Default

C2

http://file-file-host4.com/tratata.php

Extracted

Family

raccoon

Version

1.8.4-hotfixs

rc4.plain

Targets

- Target
  
  fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc
- Size
  
  284KB
- MD5
  
  00a63db31b56e07a78302135ef563b39
- SHA1
  
  7e88a6d29c3111a6fc4b48e6581649c938882839
- SHA256
  
  fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc
- SHA512
  
  e7f0334b4d66cb1799668b3b7a3a31cb71397b8de1c77177e109a975826493cf91692eec87d8a0f4c532cb01d82fcc62528a8209e52a256aab9864c52045f5e5
Score

10^/10

arkei raccoon smokeloader 470193d69fd872b73819c5e70dc68242c10ccbce default backdoor discovery spyware stealer trojan
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeiraccoonsmokeloader470193d69fd872b73819c5e70dc68242c10ccbcedefaultbackdoordiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy