arkei

General

Target

zxcvb.exe
Size

586KB
Sample

220731-f6pmqsahe3
MD5

131a32033cf88976a8df48361b90207d
SHA1

ce260393460fa5d4cbfa17d3329fd33594810add
SHA256

d75d7b0534ff648f16f5751be79a2c23158b6412a780180aec78c77c7e95071d
SHA512

120a4ef120c7b2d4c07af7e6418eaf83d7f3d41ba13f41ce2e494f76182c4b07fd16ec2ceaf1937ba3e76ecb9149cc42edba315e818dad09882cf77a62f6c708

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

8a4fd4b44997ba634230ba5c422ca9f2

C2

http://193.106.191.146/

http://185.215.113.89/

rc4.plain

Extracted

Family

arkei

Botnet

Default

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  zxcvb.exe
- Size
  
  586KB
- MD5
  
  131a32033cf88976a8df48361b90207d
- SHA1
  
  ce260393460fa5d4cbfa17d3329fd33594810add
- SHA256
  
  d75d7b0534ff648f16f5751be79a2c23158b6412a780180aec78c77c7e95071d
- SHA512
  
  120a4ef120c7b2d4c07af7e6418eaf83d7f3d41ba13f41ce2e494f76182c4b07fd16ec2ceaf1937ba3e76ecb9149cc42edba315e818dad09882cf77a62f6c708
Score

10^/10

arkei azorult raccoon 8a4fd4b44997ba634230ba5c422ca9f2 default infostealer spyware stealer trojan
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Azorult

Raccoon

Raccoon Stealer payload

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2