General
- Target: 95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00
- Size: 302KB
- Sample: 220119-l59t6sghgq
- MD5: 862a8df3591e22cd24458085b6630995
- SHA1: 5098f1db2e9f147534f5b49c1fe1e9703c465a16
- SHA256: 95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00
- SHA512: fd048bb0146265ca63226128f252cb4e9fddc40500b601738d69735260b9d1945b1bd9935cbcc817dc69c9ef2d1b676af3ef2691c0891d7e1c3fabfa252461e4
Static task
- static1

Malware Config
- Extracted: arkei
- Default: http://file-file-host4.com/tratata.php
Targets
- Target: 95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00
- Size: 302KB
- MD5: 862a8df3591e22cd24458085b6630995
- SHA1: 5098f1db2e9f147534f5b49c1fe1e9703c465a16
- SHA256: 95d60aa4f36e184ec945efb6069a97d310137ee1b1fde3c2fb234ab944bb8b00
- SHA512: fd048bb0146265ca63226128f252cb4e9fddc40500b601738d69735260b9d1945b1bd9935cbcc817dc69c9ef2d1b676af3ef2691c0891d7e1c3fabfa252461e4
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.