arkei

General

Target

Redline 23 Cracked.zip
Size

7.0MB
Sample

220829-lnyetagdg7
MD5

5ac7c8ba4406b22ba49cddca443501f6
SHA1

d4b9d261431e340a8b84393db14943e2bba5b996
SHA256

fc2cf10cfbf4d2cf4182efb7230b782b7059cc7f72d015dc5962b5bea5b17fd0
SHA512

87ff0909cbe4cb8e043d494266f6b00644c389d553bd04dbc3e77ed6006397cd822af650f36e6c56eee71fd8ee7e8dc99c52358062a1c9a39ad8e71c01978781
SSDEEP

196608:pLxIiugai2tiR8V5XihGEesW1p3j9BmGI:dxI6aAW5Xi9W115BhI

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

1877

C2

overthinker1877.duckdns.org:60732

Extracted

Family

arkei

Botnet

Default

Targets

- Target
  
  Panel.exe
- Size
  
  9.3MB
- MD5
  
  f4e19b67ef27af1434151a512860574e
- SHA1
  
  56304fc2729974124341e697f3b21c84a8dd242a
- SHA256
  
  c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a
- SHA512
  
  a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77
- SSDEEP
  
  196608:mJQaPHrQqXs140qMhu8369sV+HLz9SKUeNdDhHidVI1SM52n3iWuUZ/c1sxXoP3p:mJQaPHrQqXs140qMhu8369sV+HLz9SKI
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  Patch.exe
- Size
  
  174KB
- MD5
  
  9d976aa0b7b02302e0e89466040080d0
- SHA1
  
  70c91eee4491050908bb74c5c00ff0f01efff7a3
- SHA256
  
  3ec60ccea3fec48d3ea33c63d7d66ec1d3badb174963e8dffe8ce528473c6886
- SHA512
  
  c8b1c3ff4a21baf629147271ce57b7762e692cf94fb430b10e0eab22c0833d7881b1a6724a08844abe0dc98a4f964ef1766edbbf7515bde365a4fc453b94dfcd
- SSDEEP
  
  768:rgsY7T0sl+kKGUhk6P5p32E8yNQmskkGLbvio3ZzeuOl:Hli6r2mNt0GLzl3Zc
Score

10^/10

arkei redline 1877 default discovery infostealer spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

4

T1012

System Information Discovery

5

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

RedLine

RedLine payload

Checks computer location settings

Suspicious use of NtSetInformationThreadHideFromDebugger

RedLine

RedLine payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2