arkei

General

Target

582d3ef01508bca442c17fe30103052762c517978ce51e23346e6a1f7dc2e2e1
Size

33.1MB
Sample

220626-xsj9jaeaf4
MD5

a01326f71161ff1c61298c3e5e880f4f
SHA1

d95fe7c087d1075d94cb09d8278ab90497b32713
SHA256

582d3ef01508bca442c17fe30103052762c517978ce51e23346e6a1f7dc2e2e1
SHA512

0e5d514ef09cdafdec5739146edd4e6a3289e4a47f269ba6e051a412bcb09709c52c15c314653efd9a71211cdd4dfaba2163bc502ab947647ec18490b8d63bbc

Score

10^/10

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://93.159.221.78/EpkC2Ze5OX.php

Targets

- Target
  
  582d3ef01508bca442c17fe30103052762c517978ce51e23346e6a1f7dc2e2e1
- Size
  
  33.1MB
- MD5
  
  a01326f71161ff1c61298c3e5e880f4f
- SHA1
  
  d95fe7c087d1075d94cb09d8278ab90497b32713
- SHA256
  
  582d3ef01508bca442c17fe30103052762c517978ce51e23346e6a1f7dc2e2e1
- SHA512
  
  0e5d514ef09cdafdec5739146edd4e6a3289e4a47f269ba6e051a412bcb09709c52c15c314653efd9a71211cdd4dfaba2163bc502ab947647ec18490b8d63bbc
Score

10^/10

arkei babadeda default crypter loader stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Babadeda

Babadeda Crypter

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2