General
Target: 54cada1b9db82b02330bb5b912993fcb.exe
Size: 190KB
Sample: 211125-vdd3vsbbg3
MD5: 54cada1b9db82b02330bb5b912993fcb
SHA1: c3b3dcb9ef275c3f2e2f8cec28d4440df6c746b0
SHA256: 3cca77d790fbff02b5671b017a33b127bcff121040b7289d7a310974fc4f3378
SHA512: d8b2e569590e50a52327a2e770c9b17e013e1ce297142dd81f71b1dd09b5fde97e7379518db6b3aa12ee1ebe06ee8672c52516899fc2f729f2b90660cba084b0
Static task: static1
Behavioral task: behavioral1
Sample: 54cada1b9db82b02330bb5b912993fcb.exe
Resource: win7-en-20211104
Malware Config
Extracted
arkei
Default
http://die-grausamste-herrin.at/wp.php
Targets
Target: 54cada1b9db82b02330bb5b912993fcb.exe
- Arkei Stealer Payload
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.