arkei | c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14 | Triage

Submit
Reports

Overview

overview

Static

static

c48e5a61fd...14.exe

windows7_x64

8

c48e5a61fd...14.exe

windows10-2004_x64

Sharing

General

Target

c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14
Size

8.2MB
Sample

220327-m2nm7sgga3
MD5

478e874435babd1f3e3d9c382c3f868b
SHA1

9e8fccdfb2400cd286cfb8e9a7e2c4e4b932892c
SHA256

c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14
SHA512

23cbf711d51221989f7b344c523f3b0206bef562d3d7d0c2681c39eda515a292a3db5265ee9430f854561ad97412ceea4b5ec6c636e8d67c985c6042251e975c

Score

10^/10

arkei babadeda default crypter link loader pdf stealer

Static task

static1

Behavioral task

behavioral1

Sample

c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14.exe

Resource

win7-20220311-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14.exe

Resource

win10v2004-en-20220113

arkei babadeda default crypter link loader pdf stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://tommytshop.com/KNOuG8qeID.php

Targets

- Target
  
  c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14
- Size
  
  8.2MB
- MD5
  
  478e874435babd1f3e3d9c382c3f868b
- SHA1
  
  9e8fccdfb2400cd286cfb8e9a7e2c4e4b932892c
- SHA256
  
  c48e5a61fd89ac5e950a37e1d81d2f733c16983d369dbedbb3a0c3e8c97f7b14
- SHA512
  
  23cbf711d51221989f7b344c523f3b0206bef562d3d7d0c2681c39eda515a292a3db5265ee9430f854561ad97412ceea4b5ec6c636e8d67c985c6042251e975c
Score

10^/10

arkei babadeda default crypter link loader pdf stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

arkeibabadedadefaultcrypterlinkloaderpdfstealer

© 2018-2024

Terms | Privacy