arkei | 17c6f4e45d44bd4c06212139f521976b87ed5a6ddcd0e4e5e978e64dabb3883f | Triage

Submit
Reports

Overview

overview

Static

static

17c6f4e45d...3f.exe

windows7_x64

17c6f4e45d...3f.exe

windows10-2004_x64

Resubmissions

19-01-2022 16:33

220119-t2qacsbeh6 10

25-11-2021 12:35

211125-pskw3aaee2 8

Sharing

General

Target

17c6f4e45d44bd4c06212139f521976b87ed5a6ddcd0e4e5e978e64dabb3883f
Size

6.5MB
Sample

220119-t2qacsbeh6
MD5

b16e827ee8db29cb90c85570f41b9409
SHA1

ae319c1b25eebe9b6256d9efce5da495e7483c77
SHA256

17c6f4e45d44bd4c06212139f521976b87ed5a6ddcd0e4e5e978e64dabb3883f
SHA512

496e5e096ca6dde20dbe220cd7a628fdee4803a0ba82b961e322b206cf65f7b0b5748ff51f5fd2dec26e3329ae6208f12d570ea7158cbe08d8ddf2ed4e7684c1

Score

10^/10

arkei babadeda default crypter loader stealer

Static task

static1

Behavioral task

behavioral1

Sample

17c6f4e45d44bd4c06212139f521976b87ed5a6ddcd0e4e5e978e64dabb3883f.exe

Resource

win7-en-20211208

arkei babadeda default crypter loader stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

17c6f4e45d44bd4c06212139f521976b87ed5a6ddcd0e4e5e978e64dabb3883f.exe

Resource

win10v2004-en-20220112

arkei babadeda default crypter loader stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://185.215.113.39/7vlcKuayFx.php

Targets

- Target
  
  17c6f4e45d44bd4c06212139f521976b87ed5a6ddcd0e4e5e978e64dabb3883f
- Size
  
  6.5MB
- MD5
  
  b16e827ee8db29cb90c85570f41b9409
- SHA1
  
  ae319c1b25eebe9b6256d9efce5da495e7483c77
- SHA256
  
  17c6f4e45d44bd4c06212139f521976b87ed5a6ddcd0e4e5e978e64dabb3883f
- SHA512
  
  496e5e096ca6dde20dbe220cd7a628fdee4803a0ba82b961e322b206cf65f7b0b5748ff51f5fd2dec26e3329ae6208f12d570ea7158cbe08d8ddf2ed4e7684c1
Score

10^/10

arkei babadeda default crypter loader stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Arkei Stealer Payload
  stealer
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arkeibabadedadefaultcrypterloaderstealer

behavioral2

arkeibabadedadefaultcrypterloaderstealer

© 2018-2025

Terms | Privacy