arkei | 7b14a38b8ab88532170f6d6abac22a6b170d5bd8c7fa2c1301479184854a9124 | Triage

Submit
Reports

Overview

overview

Static

static

cf1d4bf6b4...fa.exe

windows7_x64

cf1d4bf6b4...fa.exe

windows10-2004_x64

Sharing

General

Target

5189813965324288.zip
Size

10.6MB
Sample

220330-qqnevagebp
MD5

8ed948e9544a6fc4219d7f5b7ed365ff
SHA1

8a2da4a9bc6d47511beb82e91aa3bef2df1dda88
SHA256

7b14a38b8ab88532170f6d6abac22a6b170d5bd8c7fa2c1301479184854a9124
SHA512

c7524e4f0a110a2cc4ad219fd57e0671f6f4bc8ebbe3490af953c334e03dceac2b3fcc21f56d34576de35babb94e80280a295df62d148478579525b4ad58ee8b

Score

10^/10

arkei babadeda default crypter link loader pdf stealer

Static task

static1

Behavioral task

behavioral1

Sample

cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe

Resource

win7-20220310-en

arkei babadeda default crypter link loader pdf stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe

Resource

win10v2004-en-20220113

arkei babadeda default crypter link loader pdf stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://tonyshop312.com/8cPynL7Va1.php

Targets

- Target
  
  cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa
- Size
  
  11.0MB
- MD5
  
  9ad2a9a60994ff956e0dd4678b3ef9f1
- SHA1
  
  ab7d7ec8ef3893bc599d582c80cb48639654df1d
- SHA256
  
  cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa
- SHA512
  
  012adcfeff91e107571f33bffa214385bb0f93fe81c99d45482db4225b3e07e16917d75483d30b10e955f5484ce3f0d9619df0340d1a99a638906ee881f49fec
Score

10^/10

arkei babadeda default crypter link loader pdf stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arkeibabadedadefaultcrypterlinkloaderpdfstealer

behavioral2

arkeibabadedadefaultcrypterlinkloaderpdfstealer

© 2018-2025

Terms | Privacy