General
Target: 805f57c03765ff96ded93e24427c3f688be082b3efcbe219baf4b52f7397b69d
Size: 330KB
Sample: 220117-yrh6hscfbk
MD5: d5468c46e16d75610e59b9c51a5103a5
SHA1: ca89b863766f71adbed85598b3d45689262bd75a
SHA256: 805f57c03765ff96ded93e24427c3f688be082b3efcbe219baf4b52f7397b69d
SHA512: 7ea91d21fb9cd3db374b67cf1f350bb0a3e0160018ae443e11d8a40150d02335f4cb928aa68b72836196063e97510bc34aef3caa30bb606e8b734d2fd94bfa20
Static task
static1
Malware Config
Extracted
arkei
Default
http://file-file-host4.com/tratata.php
Targets
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.