General
- Target: 33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6
- Size: 310KB
- Sample: 220119-b13j7aeee5
- MD5: 507fb2556918322cdbb18572312f85f6
- SHA1: 012dfb82bccc57acec121566697dd36380e6bf67
- SHA256: 33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6
- SHA512: abe6f4dfff52f73385436f9dd594dd14af890fa8829d4d21e98c31f0717ce2edcc2f49135d01f4a4e4f063f4a91915a6546d6172565851851bbf8ae14ba50032

Static task: static1

Malware Config
Extracted
- Family: arkei
- Default
- C2: http://file-file-host4.com/tratata.php
Targets
- Target: 33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6
- Size: 310KB
- MD5: 507fb2556918322cdbb18572312f85f6
- SHA1: 012dfb82bccc57acec121566697dd36380e6bf67
- SHA256: 33e9397edff882df204cc7bd7dbb433cb049a2b597b652754012892ed30f87a6
- SHA512: abe6f4dfff52f73385436f9dd594dd14af890fa8829d4d21e98c31f0717ce2edcc2f49135d01f4a4e4f063f4a91915a6546d6172565851851bbf8ae14ba50032
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely used for geofencing.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.