General
Target: 37c0c7a64f42588a62acc3a764e81ca018214f640c5f28d90e96a9940f230380
Size: 306KB
Sample: 220118-tpryesbhh7
MD5: 39d95f281d34ea3306d150f50c741fc7
SHA1: 0faae2afaf38a721aeb7f9b366612f8afa179cbc
SHA256: 37c0c7a64f42588a62acc3a764e81ca018214f640c5f28d90e96a9940f230380
SHA512: fd40044b39405de00466ba03788f53a320a17863c773bd872e3fd280665fa0e99d58de2230df1f44a0a2bb52644e3580943ce7772817ff2faaeb2a52ae93d823
Static task: static1

Malware Config
Extracted family: arkei
Botnet/profile: Default
C2: http://file-file-host4.com/tratata.php (command-and-control URL recovered from the sample's configuration; handle it as an indicator and do not fetch it from a non-isolated host)
Targets
Target: 37c0c7a64f42588a62acc3a764e81ca018214f640c5f28d90e96a9940f230380 (306KB; the same file as in General, with identical MD5, SHA1, SHA256 and SHA512)
Signatures
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node view, and the per-user HKCU equivalent) to enumerate the software installed on the system.
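Detection logic for the last signature, as an added example that is not part of this report or of any sandbox's code: it parses constructed registry-access events in an assumed Sysmon-like line layout (field names and the `op` values are assumptions, not Sysmon's real schema) and flags any process that reads many distinct Uninstall subkeys within a short window, which is the behaviour the signature describes. The threshold, the time window and the allow-list of installer processes are assumed values to tune per environment.

```python
"""Flag processes that enumerate installed software via the registry Uninstall keys.

Added example, not taken from the report or from any sandbox. Input lines are
constructed here in an assumed Sysmon-like layout:
    <iso-timestamp> pid=<pid> image=<path> op=<ReadKey|QueryValue> target=<registry path>
The field names and 'op' values are assumptions, not Sysmon's real schema.
"""
import re
from collections import defaultdict
from datetime import datetime

# Uninstall keys under HKLM (native and WOW6432Node views) and under a user hive.
UNINSTALL_KEY_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER|HKU\\[^\\]+|HKEY_USERS\\[^\\]+)"
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) op=(?P<op>\S+) target=(?P<target>.+)$"
)

# Installer/settings processes expected to walk the Uninstall keys (assumed allow-list).
BENIGN_IMAGES = {
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\system32\control.exe",
    r"c:\windows\immersivecontrolpanel\systemsettings.exe",
}


def parse_line(line):
    """Return a dict for a well-formed event line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["pid"] = int(rec["pid"])
    return rec


def uninstall_subkey(target):
    """Name of the Uninstall subkey a registry path points into, or None."""
    m = UNINSTALL_KEY_RE.match(target)
    return m.group(1) if m else None


def find_enumeration(lines, min_subkeys=5, window_seconds=10):
    """One finding per process that touched >= min_subkeys distinct Uninstall
    subkeys within window_seconds. Allow-listed images are skipped."""
    per_proc = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sub = uninstall_subkey(rec["target"])
        if sub is None:
            continue
        per_proc[(rec["pid"], rec["image"].lower())].append((rec["ts"], sub))

    findings = []
    for (pid, image), events in per_proc.items():
        if image in BENIGN_IMAGES:
            continue
        events.sort()
        for i, (start, _) in enumerate(events):  # sliding window anchored at each event
            seen = {sub for ts, sub in events[i:]
                    if (ts - start).total_seconds() <= window_seconds}
            if len(seen) >= min_subkeys:
                findings.append({"pid": pid, "image": image, "subkeys": len(seen),
                                 "first_seen": start.isoformat()})
                break
    return findings


# Constructed sample log: a dropped executable walks six Uninstall subkeys in two
# seconds; explorer reads two; msiexec reads five but is allow-listed; one line is junk.
SAMPLE_LOG = r"""
2022-01-18T10:00:01 pid=4120 image=C:\Users\victim\AppData\Local\Temp\sample.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
2022-01-18T10:00:01 pid=4120 image=C:\Users\victim\AppData\Local\Temp\sample.exe op=QueryValue target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
2022-01-18T10:00:01 pid=4120 image=C:\Users\victim\AppData\Local\Temp\sample.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2022-01-18T10:00:02 pid=4120 image=C:\Users\victim\AppData\Local\Temp\sample.exe op=ReadKey target=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 96.0 (x86 en-US)
2022-01-18T10:00:02 pid=4120 image=C:\Users\victim\AppData\Local\Temp\sample.exe op=ReadKey target=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
2022-01-18T10:00:02 pid=4120 image=C:\Users\victim\AppData\Local\Temp\sample.exe op=ReadKey target=HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
2022-01-18T10:00:03 pid=4120 image=C:\Users\victim\AppData\Local\Temp\sample.exe op=ReadKey target=HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Telegram Desktop
2022-01-18T10:00:03 pid=4120 image=C:\Users\victim\AppData\Local\Temp\sample.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2022-01-18T10:00:05 pid=2208 image=C:\Windows\explorer.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
2022-01-18T10:00:06 pid=2208 image=C:\Windows\explorer.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2022-01-18T10:01:00 pid=3304 image=C:\Windows\System32\msiexec.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
2022-01-18T10:01:00 pid=3304 image=C:\Windows\System32\msiexec.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2022-01-18T10:01:01 pid=3304 image=C:\Windows\System32\msiexec.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
2022-01-18T10:01:01 pid=3304 image=C:\Windows\System32\msiexec.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Telegram Desktop
2022-01-18T10:01:02 pid=3304 image=C:\Windows\System32\msiexec.exe op=ReadKey target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
garbage line that does not parse
"""


def run_example():
    """Run the detector over the constructed log; expected: one finding for pid 4120."""
    return find_enumeration(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

The subkey name is taken from the path so that a `QueryValue` on `...\7-Zip\DisplayName` and a `ReadKey` on `...\7-Zip` count as the same application, and the distinct-subkey count rather than the raw event count is what crosses the threshold; an allow-list keyed on the full lowercased image path keeps legitimate installers out without exempting a malware sample that merely names itself `msiexec.exe` in a user-writable directory.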