General
Target: e514f07ff4d4c7e92ae5884bd0d83f56.exe
Size: 307KB
Sample: 220118-raey7sbegl
MD5: e514f07ff4d4c7e92ae5884bd0d83f56
SHA1: 25385d1c06daff9e297d2c35ee1ae3d55792ebca
SHA256: fd4f322ed48ebc3a516a0cadcae61e3a9ffdf88ef9e10999e419058626907523
SHA512: 16f6e1f9f828acc460c82df82640c11599591324df27e186576440c695ca933e1d52e5cbafd80ddc78b79c69cbce08b209275ad0dae028050e5fddf529e494c1
Static task: static1
Behavioral task: behavioral1
Sample: e514f07ff4d4c7e92ae5884bd0d83f56.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: e514f07ff4d4c7e92ae5884bd0d83f56.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
arkei
Default
http://file-file-host4.com/tratata.php
Targets
Arkei Stealer Payload
Downloads MZ/PE file
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.