arkei | a955ecf7a3c88536c733df3a1bfe601085e8123322dab621224ea734e25fc29d | Triage

Sharing

General

Target

a955ecf7a3c88536c733df3a1bfe601085e8123322dab621224ea734e25fc29d
Size

20KB
Sample

220324-br98nsbde7
MD5

5cb8532febf33e4df536edf543b6858d
SHA1

33532a03c23eedee6a0ceb1519258e9e0d3d90cb
SHA256

a955ecf7a3c88536c733df3a1bfe601085e8123322dab621224ea734e25fc29d
SHA512

9c36ffe2c753f797304e6c864f6f8c9d72c272dc91fb8203b381431a52c0db9674725f3603012a870d4ebd87ceae9d34330ef156fdee95590a812c0ea1f8310b

Score

10^/10

arkei raccoon 125d9f8ed76e486f6563be097a710bd4cba7f7f2 default stealer

Malware Config

Extracted

Family

raccoon

Botnet

125d9f8ed76e486f6563be097a710bd4cba7f7f2

Attributes

url4cnc
http://5.252.178.180/brikitiki
https://t.me/brikitiki

rc4.plain

rc4.plain

Extracted

Family

arkei

Botnet

Default

C2

http://62.204.41.69/p8jG9WvgbE.php

Targets

- Target
  
  a955ecf7a3c88536c733df3a1bfe601085e8123322dab621224ea734e25fc29d
- Size
  
  20KB
- MD5
  
  5cb8532febf33e4df536edf543b6858d
- SHA1
  
  33532a03c23eedee6a0ceb1519258e9e0d3d90cb
- SHA256
  
  a955ecf7a3c88536c733df3a1bfe601085e8123322dab621224ea734e25fc29d
- SHA512
  
  9c36ffe2c753f797304e6c864f6f8c9d72c272dc91fb8203b381431a52c0db9674725f3603012a870d4ebd87ceae9d34330ef156fdee95590a812c0ea1f8310b
Score

10^/10

arkei raccoon 125d9f8ed76e486f6563be097a710bd4cba7f7f2 default stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeiraccoon125d9f8ed76e486f6563be097a710bd4cba7f7f2defaultstealer