Resubmissions

19-01-2022 16:34

220119-t23wfsbecm 10

25-11-2021 12:37

211125-ptgwssfbhj 8

General

  • Target

    74b4d14d2d1af6642d5867eb89c277aa02f5e4ac667d87b5aca380f40eabe1bf

  • Size

    6.5MB

  • Sample

    220119-t23wfsbecm

  • MD5

    458c04ae359dbe061aeef0141ee3a564

  • SHA1

    b70b8ac0ebda6a4f3f6628f1c0bd26e2df4a55ec

  • SHA256

    74b4d14d2d1af6642d5867eb89c277aa02f5e4ac667d87b5aca380f40eabe1bf

  • SHA512

    f0f967fce0377ab3b1190d4e288747cdc3df57fc267b6319940d8c867f84b1b9ce4731d28c8b2075971ffc4b105a81a9087ccc7e25e677b9565bd37b9266aa1e

Malware Config

Extracted

  • Family

    arkei

  • Botnet

    Default

  • C2

    http://185.215.113.39/7vlcKuayFx.php

Targets

    • Target

      74b4d14d2d1af6642d5867eb89c277aa02f5e4ac667d87b5aca380f40eabe1bf

    • Size

      6.5MB

    • MD5

      458c04ae359dbe061aeef0141ee3a564

    • SHA1

      b70b8ac0ebda6a4f3f6628f1c0bd26e2df4a55ec

    • SHA256

      74b4d14d2d1af6642d5867eb89c277aa02f5e4ac667d87b5aca380f40eabe1bf

    • SHA512

      f0f967fce0377ab3b1190d4e288747cdc3df57fc267b6319940d8c867f84b1b9ce4731d28c8b2075971ffc4b105a81a9087ccc7e25e677b9565bd37b9266aa1e

    • Arkei

      Arkei is an infostealer written in C++.

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Arkei Stealer Payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks