arkei | 3ec60ccea3fec48d3ea33c63d7d66ec1d3badb174963e8dffe8ce528473c6886 | Triage

Submit
Reports

Overview

overview

Static

static

Patch.exe

windows10-1703-x64

Sharing

General

Target

Patch.exe
Size

174KB
Sample

220819-1jnr5sdde5
MD5

9d976aa0b7b02302e0e89466040080d0
SHA1

70c91eee4491050908bb74c5c00ff0f01efff7a3
SHA256

3ec60ccea3fec48d3ea33c63d7d66ec1d3badb174963e8dffe8ce528473c6886
SHA512

c8b1c3ff4a21baf629147271ce57b7762e692cf94fb430b10e0eab22c0833d7881b1a6724a08844abe0dc98a4f964ef1766edbbf7515bde365a4fc453b94dfcd
SSDEEP

768:rgsY7T0sl+kKGUhk6P5p32E8yNQmskkGLbvio3ZzeuOl:Hli6r2mNt0GLzl3Zc

Score

10^/10

arkei redline 1877 default discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Patch.exe

Resource

win10-20220812-en

arkei redline 1877 default discovery infostealer spyware stealer

windows10-1703-x64

16 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

1877

C2

overthinker1877.duckdns.org:60732

Extracted

Family

arkei

Botnet

Default

Targets

- Target
  
  Patch.exe
- Size
  
  174KB
- MD5
  
  9d976aa0b7b02302e0e89466040080d0
- SHA1
  
  70c91eee4491050908bb74c5c00ff0f01efff7a3
- SHA256
  
  3ec60ccea3fec48d3ea33c63d7d66ec1d3badb174963e8dffe8ce528473c6886
- SHA512
  
  c8b1c3ff4a21baf629147271ce57b7762e692cf94fb430b10e0eab22c0833d7881b1a6724a08844abe0dc98a4f964ef1766edbbf7515bde365a4fc453b94dfcd
- SSDEEP
  
  768:rgsY7T0sl+kKGUhk6P5p32E8yNQmskkGLbvio3ZzeuOl:Hli6r2mNt0GLzl3Zc
Score

10^/10

arkei redline 1877 default discovery infostealer spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeiredline1877defaultdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy