General
- Target: 93b20ad2eb7d83453357fc291631816efa2867dda0a5771f7c69881dfa80c653
- Size: 302KB
- Sample: 220119-prryzshgcq
- MD5: 4064c5a9b64b7f769e7ad4cbb8f7b001
- SHA1: 9534b0d88c638ba3a00e974480fa53a75777fcf4
- SHA256: 93b20ad2eb7d83453357fc291631816efa2867dda0a5771f7c69881dfa80c653
- SHA512: 201a837bd73d72096800a606b7bec25b046c46448dac8b768a91b3628d6638d15854eb6ea3ff6b83b5c2ec00e25957011f0672b5bb57c8ea0c84f7f08df12956
Static task
- static1

Malware Config
- Extracted: arkei
- Default: http://file-file-host4.com/tratata.php
Targets
- Target: 93b20ad2eb7d83453357fc291631816efa2867dda0a5771f7c69881dfa80c653 (302KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.