arkei

General

Target

5189813965324288.zip
Size

10.6MB
Sample

220330-qqnevagebp
MD5

8ed948e9544a6fc4219d7f5b7ed365ff
SHA1

8a2da4a9bc6d47511beb82e91aa3bef2df1dda88
SHA256

7b14a38b8ab88532170f6d6abac22a6b170d5bd8c7fa2c1301479184854a9124
SHA512

c7524e4f0a110a2cc4ad219fd57e0671f6f4bc8ebbe3490af953c334e03dceac2b3fcc21f56d34576de35babb94e80280a295df62d148478579525b4ad58ee8b

Score

10^/10

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://tonyshop312.com/8cPynL7Va1.php

Targets

- Target
  
  cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa
- Size
  
  11.0MB
- MD5
  
  9ad2a9a60994ff956e0dd4678b3ef9f1
- SHA1
  
  ab7d7ec8ef3893bc599d582c80cb48639654df1d
- SHA256
  
  cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa
- SHA512
  
  012adcfeff91e107571f33bffa214385bb0f93fe81c99d45482db4225b3e07e16917d75483d30b10e955f5484ce3f0d9619df0340d1a99a638906ee881f49fec
Score

10^/10

arkei babadeda default crypter link loader pdf stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Babadeda

Babadeda Crypter

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2