General
- Target: 3c84cce3867660912739106e235ed948.exe
- Size: 375KB
- Sample: 211125-vcadaafghp
- MD5: 3c84cce3867660912739106e235ed948
- SHA1: a2236630a73791330822d68db8e1e6c4fe61b183
- SHA256: 4ba7148fbd3d102ac4ff4da19e24130c7708da3a5a6ff0dd73508892e56e7cb1
- SHA512: 25cf3859e0c4487d39d62815245f7d5797d766de3cb2afa4924d4a38b70e032debc1926a4fde7031bb6205e004a689728aa8c04b5dd921d5fee9eefff098b361
Static task: static1
Behavioral task: behavioral1
- Sample: 3c84cce3867660912739106e235ed948.exe
- Resource: win7-en-20211104
Malware Config
Extracted: arkei
- Default: http://die-grausamste-herrin.at/wp.php
Targets
- Target: 3c84cce3867660912739106e235ed948.exe
- Arkei Stealer Payload
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext