General

  • Target

    22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118

  • Size

    5.5MB

  • Sample

    240329-qjj4vahd41

  • MD5

    22fbdbddd05ab5346e7a7f5adb79cc2e

  • SHA1

    d42ad7f2723f699cc7de6fa079fb5373d81802d3

  • SHA256

    2ea6afd8cd172d7a43de0e037d7250b9036de4b87e1f0c10ba04c286c8c58704

  • SHA512

    c6b342f3fa6c6bf70f3f56a94fc29fd8a45cdda7b31f5654c10b9fa6af7bc2f52680c65a1d8ccc6c8eb52b71069c97d78e5089770bb1da40df39f18be643c3e2

  • SSDEEP

    98304:AH7CgqLPRPYv7cZuwYx72XPo0+X+6zVfdUgqr2/xCQM70GpdQwssWhLcm0kch/0:A+gqLKB2p5c1UP2zM701wsxLN9ch/0

Malware Config

Extracted

  • Family

    arkei

  • Botnet

    Default

  • C2

    185.215.113.39/7vlcKuayFx.php

Targets

    • Arkei

      Arkei is an infostealer written in C++.

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Subvert Trust Controls, T1553 (1)
    Install Root Certificate, T1553.004 (1)
    Modify Registry, T1112 (1)

  • Discovery

    Query Registry, T1012 (1)
    Peripheral Device Discovery, T1120 (1)
    System Information Discovery, T1082 (2)

Tasks