arkei

General

Target

c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14
Size

8.2MB
Sample

220327-m2nm7sgga3
MD5

478e874435babd1f3e3d9c382c3f868b
SHA1

9e8fccdfb2400cd286cfb8e9a7e2c4e4b932892c
SHA256

c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14
SHA512

23cbf711d51221989f7b344c523f3b0206bef562d3d7d0c2681c39eda515a292a3db5265ee9430f854561ad97412ceea4b5ec6c636e8d67c985c6042251e975c

Score

10^/10

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://tommytshop.com/KNOuG8qeID.php

Targets

- Target
  
  c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14
- Size
  
  8.2MB
- MD5
  
  478e874435babd1f3e3d9c382c3f868b
- SHA1
  
  9e8fccdfb2400cd286cfb8e9a7e2c4e4b932892c
- SHA256
  
  c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14
- SHA512
  
  23cbf711d51221989f7b344c523f3b0206bef562d3d7d0c2681c39eda515a292a3db5265ee9430f854561ad97412ceea4b5ec6c636e8d67c985c6042251e975c
Score

10^/10

arkei babadeda default crypter link loader pdf stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Babadeda

Babadeda Crypter

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2