General

Target: fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc
Size: 284KB
Sample: 220118-mxz6faage5
MD5: 00a63db31b56e07a78302135ef563b39
SHA1: 7e88a6d29c3111a6fc4b48e6581649c938882839
SHA256: fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc
SHA512: e7f0334b4d66cb1799668b3b7a3a31cb71397b8de1c77177e109a975826493cf91692eec87d8a0f4c532cb01d82fcc62528a8209e52a256aab9864c52045f5e5
Static task: static1
Behavioral task: behavioral1
Sample: fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc.exe
Resource: win10-en-20211208
Malware Config

Extracted: smokeloader
  Version: 2020
  C2:
    http://host-data-coin-11.com/
    http://file-coin-host-12.com/

Extracted: raccoon
  Version: 1.8.5
  470193d69fd872b73819c5e70dc68242c10ccbce (unlabelled 40-hex value, left as extracted)
  url4cnc:
    http://185.163.204.22/capibar
    http://178.62.113.205/capibar
    https://t.me/capibar

Extracted: arkei
  Botnet: Default
  C2:
    http://file-file-host4.com/tratata.php

Extracted: raccoon
  Version: 1.8.4-hotfixs
  (no further fields recovered)

Three families from one run is consistent with SmokeLoader acting as the loader and Raccoon and Arkei arriving as follow-on payloads (compare "Downloads MZ/PE file" and "Executes dropped EXE" under the behavioral signatures). For Raccoon, url4cnc is not the C2 itself: it lists the Telegram channel (plus two direct hosts with the same channel path, presumably mirrors) from which the stealer resolves its actual C2 address. Alert on the full t.me/capibar path rather than on t.me alone, or every Telegram visit will fire. The second Raccoon config (1.8.4-hotfixs) yielded no URLs.
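The indicators above are only useful once they are machine-checkable. The following is an added example, not code from the sandbox or from any of the malware families: it copies the extracted C2 URLs and file hashes into a small matcher, runs it over constructed proxy log lines (the log layout, the client addresses and the `SHARED_HOSTS` allowlist are assumptions made for the example), and verifies a file against the report's four hashes.

```python
"""Added example (not part of the sandbox report): turn the extracted
SmokeLoader / Raccoon / Arkei configuration above into a machine-checkable
indicator set, match it against proxy log lines, and verify a file against
the report's hashes.  The log format and the log lines are constructed."""
import hashlib
import re
from urllib.parse import urlsplit

# C2 URLs copied verbatim from the extracted configs in the report.
C2_URLS = {
    "smokeloader": [
        "http://host-data-coin-11.com/",
        "http://file-coin-host-12.com/",
    ],
    "raccoon": [
        "http://185.163.204.22/capibar",
        "http://178.62.113.205/capibar",
        "https://t.me/capibar",
    ],
    "arkei": ["http://file-file-host4.com/tratata.php"],
}

# Hashes of the analysed file, copied from the report.
SAMPLE_HASHES = {
    "md5": "00a63db31b56e07a78302135ef563b39",
    "sha1": "7e88a6d29c3111a6fc4b48e6581649c938882839",
    "sha256": "fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc",
    "sha512": "e7f0334b4d66cb1799668b3b7a3a31cb71397b8de1c77177e109a975826493cf"
              "91692eec87d8a0f4c532cb01d82fcc62528a8209e52a256aab9864c52045f5e5",
}

# Assumption: hosts shared with legitimate traffic.  A hit on these needs the
# exact path (t.me/capibar), otherwise every Telegram visit would alert.
SHARED_HOSTS = {"t.me"}


def build_indicators(c2_urls=C2_URLS):
    """Return (hosts, paths): hostname -> family and (hostname, path) -> family."""
    hosts, paths = {}, {}
    for family, urls in c2_urls.items():
        for url in urls:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            hosts[host] = family
            if parts.path and parts.path != "/":
                paths[(host, parts.path)] = family
    return hosts, paths


# Assumed proxy log layout: "<timestamp> <client-ip> <method> <url> <status>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def match_log(lines, c2_urls=C2_URLS, shared_hosts=SHARED_HOSTS):
    """Return (client, host, family) for every log line that touches a C2."""
    hosts, paths = build_indicators(c2_urls)
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than fail the whole run
        parts = urlsplit(m["url"])
        host = (parts.hostname or "").lower()
        if host in shared_hosts:
            family = paths.get((host, parts.path))   # exact path required
        else:
            family = hosts.get(host)                 # hostname alone suffices
        if family:
            hits.append((m["src"], host, family))
    return hits


def hash_matches(data, expected=SAMPLE_HASHES):
    """Names of the algorithms under which `data` matches the report's hashes."""
    return sorted(alg for alg, digest in expected.items()
                  if hashlib.new(alg, data).hexdigest() == digest)


# Constructed proxy log lines for the demonstration.
SAMPLE_LOG = """
2022-01-18T10:01:02Z 10.0.0.5 GET http://host-data-coin-11.com/ 200
2022-01-18T10:01:03Z 10.0.0.5 POST http://185.163.204.22/capibar 200
2022-01-18T10:01:04Z 10.0.0.7 GET https://t.me/somethingelse 200
2022-01-18T10:01:05Z 10.0.0.7 GET https://t.me/capibar 200
2022-01-18T10:01:06Z 10.0.0.9 GET https://example.com/ 200
2022-01-18T10:01:07Z 10.0.0.5 POST http://file-file-host4.com/tratata.php 200
""".strip().splitlines()

if __name__ == "__main__":
    for client, host, family in match_log(SAMPLE_LOG):
        print(f"{client} -> {host} ({family})")
    print("hash matches for dummy data:", hash_matches(b"not the sample"))
```

The split between hostname-only and hostname-plus-path matching is the point: the SmokeLoader and Arkei domains and the two Raccoon IPs are attacker-controlled and can be matched on host alone, while t.me is a public service and must be matched on the full channel path.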
Targets

Target: fc791b006127a132766ddef225ed409472fc810c68a771587a86f4e6e96e80cc
(the same 284KB file as under General above; MD5, SHA1, SHA256 and SHA512 are identical to those listed there)
- Arkei Stealer Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger: setting ThreadHideFromDebugger on a thread stops an attached debugger from receiving that thread's debug events, an anti-analysis technique.
- Suspicious use of SetThreadContext: used to redirect execution in another process, as in process hollowing or thread hijacking; the signature flags the call pattern, it does not by itself confirm injection.
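Each verdict in that list is a rule over the behavioral trace. As an added example (not the sandbox's own signature engine), the following derives the same verdict names from an event stream; the event schema, the wallet-path markers and the trace itself are assumptions constructed for the example.

```python
"""Added example (not part of the sandbox report): a minimal signature engine
that derives the behavioural verdicts listed above from an event trace.
The event schema, the wallet-path markers and the trace are assumptions
made for this example, not this sandbox's own format."""

# Registry path fragment the "installed software" signature keys on.
UNINSTALL_KEY = "\\currentversion\\uninstall"
# Assumption: a few well-known wallet locations (Bitcoin Core, Electrum, Exodus).
WALLET_MARKERS = ("wallet.dat", "\\electrum\\", "\\exodus\\")


def evaluate(events):
    """Return the sorted list of signature names the trace triggers."""
    sigs = set()
    written = set()   # lower-cased paths written by any traced process
    images = {}       # pid -> image path
    parents = {}      # pid -> ppid
    for ev in events:
        kind = ev["type"]
        path = ev.get("path", "").lower()
        if kind == "file_write":
            written.add(path)
            if ev.get("magic") == b"MZ" and ev.get("source") == "network":
                sigs.add("Downloads MZ/PE file")
        elif kind == "file_read":
            if any(marker in path for marker in WALLET_MARKERS):
                sigs.add("Accesses cryptocurrency files/wallets, possible credential harvesting")
        elif kind == "file_delete":
            # Self-deletion is usually done by a child (cmd.exe /c del ...),
            # so compare against the deleter's image and its parent's image.
            own = {images.get(ev["pid"]), images.get(parents.get(ev["pid"]))}
            if path in own:
                sigs.add("Deletes itself")
        elif kind == "process_create":
            image = ev["image"].lower()
            images[ev["pid"]] = image
            parents[ev["pid"]] = ev.get("ppid")
            if image in written:
                sigs.add("Executes dropped EXE")
        elif kind == "image_load":
            image = ev["image"].lower()
            if image.endswith(".dll") and image in written:
                sigs.add("Loads dropped DLL")
        elif kind == "reg_query":
            if UNINSTALL_KEY in ev["key"].lower():
                sigs.add("Checks installed software on the system")
        elif kind == "api_call":
            name = ev["name"]
            if name == "NtSetInformationThread" and ev.get("info_class") == "ThreadHideFromDebugger":
                sigs.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
            # SetThreadContext on a thread of another process is the
            # injection/hollowing pattern; on the caller's own threads it is benign.
            elif name == "SetThreadContext" and ev.get("target_pid") not in (None, ev["pid"]):
                sigs.add("Suspicious use of SetThreadContext")
    return sorted(sigs)


TMP = r"C:\Users\u\AppData\Local\Temp"
# Constructed trace exercising every rule above.
TRACE = [
    {"type": "file_write", "pid": 100, "path": TMP + r"\drop.exe", "magic": b"MZ", "source": "network"},
    {"type": "file_write", "pid": 100, "path": TMP + r"\helper.dll", "magic": b"MZ"},
    {"type": "process_create", "pid": 200, "ppid": 100, "image": TMP + r"\drop.exe"},
    {"type": "image_load", "pid": 200, "image": TMP + r"\helper.dll"},
    {"type": "reg_query", "pid": 200, "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "file_read", "pid": 200, "path": r"C:\Users\u\AppData\Roaming\Bitcoin\wallet.dat"},
    {"type": "api_call", "pid": 200, "name": "NtSetInformationThread", "info_class": "ThreadHideFromDebugger"},
    {"type": "api_call", "pid": 200, "name": "SetThreadContext", "target_pid": 201},
    {"type": "process_create", "pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "file_delete", "pid": 300, "path": TMP + r"\drop.exe"},
]

if __name__ == "__main__":
    for sig in evaluate(TRACE):
        print(sig)
```

Two details matter when reproducing such rules: "Deletes itself" must look through the child that performs the delete to its parent's image, and "Suspicious use of SetThreadContext" should only fire for a thread in another process, otherwise ordinary exception handling and thread setup in the sample's own process would trigger it.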