Resubmissions

19-01-2022 16:33

220119-t22cmabeh7 10

25-11-2021 12:38

211125-pt3hhaaee7 8

General

  • Target

    c920b2de025019e9a406e9b2f0ac2cbbfc18d65eac15f59ca8921c5fb4bfa240

  • Size

    4MB

  • Sample

    220119-t22cmabeh7

  • MD5

    dbe9736b562b2bcce0b531fdfeaded32

  • SHA1

    a36ac4af321f97964885b801601aaee816f405d1

  • SHA256

    c920b2de025019e9a406e9b2f0ac2cbbfc18d65eac15f59ca8921c5fb4bfa240

  • SHA512

    9dc69b482a510482b6aa6992924daf39b96bb43ab9017d6919120288e3d7936717b21aa24cd12c51d64d446eecc626bdc0ddfd0222cff5fde8010d110edea849

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://185.215.113.39/7vlcKuayFx.php

Targets

    • Target

      c920b2de025019e9a406e9b2f0ac2cbbfc18d65eac15f59ca8921c5fb4bfa240


    • Arkei

      Arkei is an infostealer written in C++.

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Arkei Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Matrix

Columns: Collection | Command and Control | Credential Access | Defense Evasion | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation | Tasks