General
Target: b4e324b6448383deca3410e40bac20b36232003650b221a151b2c302503f5ebc
Size: 294KB
Sample: 220118-kxrsysafan
MD5: 6b46991f3ccdc5135d2afd06da875fc3
SHA1: 3f54e0372129ebd8ef3661edaa831e87a2ea5cb4
SHA256: b4e324b6448383deca3410e40bac20b36232003650b221a151b2c302503f5ebc
SHA512: dcc420d209e207c05cfafee99e3961822c201cf555b47295ac6feb2b8f1722af541e357b0ee8ec7d42a1c386260817cec481aea107554e84020b46d8ea2ec955
Static task: static1
Malware Config
Extracted: smokeloader
  2020
  http://host-data-coin-11.com/
  http://file-coin-host-12.com/
Extracted: raccoon
  1.8.5
  470193d69fd872b73819c5e70dc68242c10ccbce
  url4cnc:
    http://185.163.204.22/capibar
    http://178.62.113.205/capibar
    https://t.me/capibar
Extracted: arkei
  Default
  http://file-file-host4.com/tratata.php
Extracted: raccoon
  1.8.4-hotfixs
Targets
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Arkei Stealer Payload
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext