General
Target: 235c16518427f4943e8314271789f0ef.exe
Size: 310KB
Sample: 211125-vbnjhsbbf8
MD5: 235c16518427f4943e8314271789f0ef
SHA1: 50b712515ae5cb96264c3f98a5b0c9faa9569ab5
SHA256: bf5abbaeeaa83f75c07536fada5e7fa0be59a7fabcb8493d0f802087c97f19e7
SHA512: 68793c236683dda7fc21e681d9d0777b028b92dd12fc37f19ab73414d3f6259d2850228eb691ab72c25eab031d640c3315b70ec60c5820c9fb0a51f0bd5973d5
Static task: static1
Behavioral task: behavioral1
Sample: 235c16518427f4943e8314271789f0ef.exe
Resource: win7-en-20211014
Malware Config
Extracted
arkei
Default
http://file-file-host4.com/tratata.php
Targets
Target: 235c16518427f4943e8314271789f0ef.exe
Arkei Stealer Payload
Downloads MZ/PE file
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.