General

Target: 0fbcaced407bb37872cb2f03343080ee78032eb3c087539ca46891e01a98d59d
Size: 309KB
Sample: 220119-dgfmeseha4
MD5: 673192a35b9cee9d3aed689ec609ae2c
SHA1: 9b0d40604443bafb91dc68c0824ae9bf78a333aa
SHA256: 0fbcaced407bb37872cb2f03343080ee78032eb3c087539ca46891e01a98d59d
SHA512: 7c3ef89f301006bee6d40dfce13be34d959a7e837bc410bf9862a2822568fdc2eefd3b85a446e1c4a0117dc10951b3f0cfc08f186d8d658666046f3bab19a556

Static task: static1

Malware Config (extracted)

Family: arkei
Botnet: Default
C2: http://file-file-host4.com/tratata.php
Targets

Target: 0fbcaced407bb37872cb2f03343080ee78032eb3c087539ca46891e01a98d59d (the 309KB sample described above; MD5, SHA1 and SHA512 as listed under General)

Signatures triggered:
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
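The signatures above describe behaviours rather than concrete keys or paths. The following is an added example (not code from the sandbox report or from any vendor tool) showing how a responder could correlate the report's indicators (the SHA256 and the extracted C2 URL) with the three host behaviours the signatures name, over Sysmon-style events. The event lines are constructed for illustration, and the registry paths (Geo\Nation, the CurrentVersion\Uninstall key) and wallet directory names used as matchers are assumptions about what the signatures look for; the report does not state them. Function names and the event schema are likewise hypothetical.

```python
"""Correlate Arkei-style host behaviours and report IOCs over Sysmon-like events.

Added example, not part of the sandbox report. Registry paths, wallet paths and
the event schema are assumptions chosen to illustrate the report's signatures.
"""
import hashlib
import re
from collections import defaultdict

# Indicators taken verbatim from the report.
KNOWN_SHA256 = {"0fbcaced407bb37872cb2f03343080ee78032eb3c087539ca46891e01a98d59d"}
C2_URLS = {"http://file-file-host4.com/tratata.php"}

# Assumed matchers: the report names the behaviours, not these exact paths.
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\(Geo\\Nation|Locale)", re.I)
WALLET_PATH = re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore)\\", re.I)

STEALER_BEHAVIOURS = {"installed_software_enum", "geofence_lookup", "wallet_access"}

# Constructed sample telemetry (not real captures). pid 4120 behaves like the
# report's sample; pid 2208 is a benign installer that only reads Uninstall keys.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "registry_read",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "type": "registry_read",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 4120, "type": "file_read",
     "target": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "type": "http", "target": "http://file-file-host4.com/tratata.php"},
    {"pid": 2208, "type": "registry_read",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 3300, "type": "file_read", "target": r"C:\Users\u\Documents\notes.txt"},
]


def is_report_sample(data: bytes) -> bool:
    """True if the bytes hash to the SHA256 the report describes."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256


def classify_event(ev):
    """Map one event to a behaviour label from the report's signatures, or None."""
    kind, target = ev["type"], ev["target"]
    if kind == "registry_read":
        if UNINSTALL_KEY.search(target):
            return "installed_software_enum"   # "Checks installed software"
        if GEO_KEY.search(target):
            return "geofence_lookup"           # "Checks computer location settings"
    elif kind == "file_read" and WALLET_PATH.search(target):
        return "wallet_access"                 # "Accesses cryptocurrency files/wallets"
    elif kind == "http" and target in C2_URLS:
        return "c2_contact"                    # extracted config C2
    elif kind == "image_load" and ev.get("sha256") in KNOWN_SHA256:
        return "known_sample_loaded"
    return None


def triage(events):
    """Group behaviour labels per pid: {pid: set_of_behaviours}."""
    hits = defaultdict(set)
    for ev in events:
        label = classify_event(ev)
        if label:
            hits[ev["pid"]].add(label)
    return dict(hits)


def verdict(behaviours):
    """Hard IOC hits are a match; two or more stealer behaviours together are suspicious.
    A single behaviour (e.g. an installer enumerating Uninstall keys) is not flagged."""
    if "c2_contact" in behaviours or "known_sample_loaded" in behaviours:
        return "match"
    if len(behaviours & STEALER_BEHAVIOURS) >= 2:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    for pid, behaviours in triage(SAMPLE_EVENTS).items():
        print(pid, sorted(behaviours), verdict(behaviours))
```

The single-behaviour threshold matters in practice: reading the Uninstall hive or the locale key is routine for installers and telemetry agents, so only the combination (or a hard hash/C2 hit) is worth an alert.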