arkei | 4ef41d48509cbc289c46f9b252d780ea1abd83e849c42a47bf7b481b79fead7e | Triage

Submit
Reports

Overview

overview

Static

static

3

4ef41d4850...7e.exe

windows7-x64

4ef41d4850...7e.exe

windows10-2004-x64

Sharing

General

Target

4ef41d48509cbc289c46f9b252d780ea1abd83e849c42a47bf7b481b79fead7e
Size

2.3MB
Sample

241108-3e8mvs1paz
MD5

aa25a6dbf0319ac7466e5e4c8b7ee4a3
SHA1

f5cfc23ae0d2785f5aae32a07eaf15f9cfc4ac24
SHA256

4ef41d48509cbc289c46f9b252d780ea1abd83e849c42a47bf7b481b79fead7e
SHA512

ccd6232ae5918110ef911fbd27de2619cc2a1cbf1b08029b4953166bdaaa2ba087d418726e612dc84afc803e1cc95229834e1b0c91696471b8b08e4c6ff080df
SSDEEP

49152:J84+V9pjc8VJiy7jHrpb3KPyT5cRIdesz1E:JEV9Rv7jLpjKKVGIdZ1E

Score

10^/10

arkei redline 11/13 default ошибка discovery infostealer persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ef41d48509cbc289c46f9b252d780ea1abd83e849c42a47bf7b481b79fead7e.exe

Resource

win7-20240903-en

arkei redline 11/13 default ошибка discovery infostealer persistence stealer upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ef41d48509cbc289c46f9b252d780ea1abd83e849c42a47bf7b481b79fead7e.exe

Resource

win10v2004-20241007-en

arkei redline 11/13 default ошибка discovery infostealer persistence stealer upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

188.212.124.13/lYWcN6H7B1.php

Extracted

Family

redline

Botnet

ОШИБКА

C2

185.183.32.161:45391

Attributes

auth_value
d18b47a36849f89352e431c80fc6cb5d

Extracted

Family

redline

Botnet

11/13

C2

94.103.9.133:1169

Attributes

auth_value
b69e61a3d7a039daa16500dfdc1eaa12

Targets

- Target
  
  4ef41d48509cbc289c46f9b252d780ea1abd83e849c42a47bf7b481b79fead7e
- Size
  
  2.3MB
- MD5
  
  aa25a6dbf0319ac7466e5e4c8b7ee4a3
- SHA1
  
  f5cfc23ae0d2785f5aae32a07eaf15f9cfc4ac24
- SHA256
  
  4ef41d48509cbc289c46f9b252d780ea1abd83e849c42a47bf7b481b79fead7e
- SHA512
  
  ccd6232ae5918110ef911fbd27de2619cc2a1cbf1b08029b4953166bdaaa2ba087d418726e612dc84afc803e1cc95229834e1b0c91696471b8b08e4c6ff080df
- SSDEEP
  
  49152:J84+V9pjc8VJiy7jHrpb3KPyT5cRIdesz1E:JEV9Rv7jLpjKKVGIdZ1E
Score

10^/10

arkei redline 11/13 default ошибка discovery infostealer persistence stealer upx
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Arkei family
  arkei
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arkeiredline11/13defaultошибкаdiscoveryinfostealerpersistencestealerupx

behavioral2

arkeiredline11/13defaultошибкаdiscoveryinfostealerpersistencestealerupx

© 2018-2024

Terms | Privacy