arkei | 2ce76d4547bb19c7eefbcb1cf9669cc44abd7e565e44e48d10a4cddde8552715 | Triage

Submit
Reports

Overview

overview

Static

static

3

e80579baf1...cc.exe

windows10-2004-x64

Sharing

General

Target

e80579baf175626787070bf61f75b4b810eb9d9bdb653972ad40797ee5ff82cc.7z
Size

4.4MB
Sample

241214-wpdrxazmdx
MD5

672cfd8d65ec1036fdbe80a6c4a5fd2f
SHA1

c376305979dff0f02798b92484421a20c44b2777
SHA256

2ce76d4547bb19c7eefbcb1cf9669cc44abd7e565e44e48d10a4cddde8552715
SHA512

c4e15ede56848099487701c3d8b003a5e0a6ac1e095a924fe3962b3465160c5db81eaf8e5362e96d25f0796647ab37dea8a391e0216de9b903d9a3a5ebb11157
SSDEEP

98304:D6HQhnW9ZNPbqkZ8TgZlvmT+s/O2svSkA+tDlzOsxIWcc9IWN5ZUVcSOT21X:GHQhnWPtbbZhD8+s/9sVA+tBzvxIW7La

Score

10^/10

arkei babadeda default crypter discovery loader stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e80579baf175626787070bf61f75b4b810eb9d9bdb653972ad40797ee5ff82cc.exe

Resource

win10v2004-20241007-en

arkei babadeda default crypter discovery loader stealer

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

185.215.113.39/7vlcKuayFx.php

Targets

- Target
  
  e80579baf175626787070bf61f75b4b810eb9d9bdb653972ad40797ee5ff82cc
- Size
  
  5.0MB
- MD5
  
  360a8874d4d0fe45bf44f54c82ae99d3
- SHA1
  
  f145f9c6e1ef7be5e0095d3cd7b6a337e32c25c6
- SHA256
  
  e80579baf175626787070bf61f75b4b810eb9d9bdb653972ad40797ee5ff82cc
- SHA512
  
  7894365f80c2d78d85678eaeb1e2b876749e013b2ac297926ce452a6d304aa5ad408941cbc5b1cf9b31c4242b3eb0ebc39a0f6c94ea81655ac071fc77ad992e2
- SSDEEP
  
  98304:8Sir2GLhfKDyTuwdbvLMv4JROOLYG0WU7TKhhd1gonPcMc:LGRKDyTjDMvwOavbQWL1/ct
Score

10^/10

arkei babadeda default crypter discovery loader stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Arkei family
  arkei
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Babadeda family
  babadeda
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arkeibabadedadefaultcrypterdiscoveryloaderstealer

© 2018-2024

Terms | Privacy