General
Target: d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9
Size: 302KB
Sample: 220119-r5616sagd4
MD5: f42790df3ab9ce9c7c11684935e8a9c4
SHA1: 13df51e503fa77a8a892212d5294b3a0569baabe
SHA256: d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9
SHA512: 4da8c72e5c1cdaab22efa8573b800ad781b89dbe5cf0c4230153f76c86cc1504809a2b852a6b7f4710b997eca0626ee39a8bc9b5b7f1a77bb6be7f737ce3432b

Static task
static1

Malware Config
Extracted
Family: arkei
Name: Default
C2: http://file-file-host4.com/tratata.php
Targets
Target: d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9 (302KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures triggered by this target:
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
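The report lists behaviours and indicators but not how to find them on your own hosts. The script below is an added example, not part of the sandbox report or of any Arkei tooling: it takes the hashes and C2 URL from the report as-is and maps a stream of host/network telemetry onto the signatures above. The event schema (loosely Sysmon-shaped dicts), the registry keys used for the geofence check, the wallet paths, the "Arkei C2" signature names and the sample telemetry are all assumptions made for the example; the report names the behaviours but not the exact keys or paths this sample touched.

```python
"""Map host and network telemetry onto the behaviours in the Arkei report.

Added example; not part of the sandbox report. Registry keys, wallet paths
and the event schema are assumptions, see the comments.
"""
import re
from collections import defaultdict

# Indicators copied from the report
SAMPLE_HASHES = {
    "md5": "f42790df3ab9ce9c7c11684935e8a9c4",
    "sha1": "13df51e503fa77a8a892212d5294b3a0569baabe",
    "sha256": "d6e11a15200d19848a7d2347ef9cab930d720cb72dab5edb74a13b716907b8e9",
}
C2_URL = "http://file-file-host4.com/tratata.php"
C2_HOST = "file-file-host4.com"

# Assumed: the standard Windows locations such checks read. The report names
# the behaviours, not the exact keys or wallet paths this sample used.
GEO_KEY_RES = [re.compile(p) for p in (
    r"\\control panel\\international\\geo\\nation$",
    r"\\control\\nls\\language\\installlanguage$",
)]
UNINSTALL_KEY_RE = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall\\")
WALLET_RES = [re.compile(p) for p in (
    r"\\electrum\\wallets\\", r"\\exodus\\exodus\.wallet",
    r"\\ethereum\\keystore\\", r"\\bitcoin\\wallet\.dat$",
)]


def triage(events):
    """Walk telemetry in order; return {signature: [event index, ...]}.

    Event schema (assumed, loosely Sysmon-shaped): every dict carries 'type'
    and 'pid' plus type-specific fields; see SAMPLE_EVENTS for each shape.
    """
    hits = defaultdict(list)
    written = defaultdict(set)   # pid -> paths that process has created

    for i, ev in enumerate(events):
        kind, pid = ev["type"], ev["pid"]
        if kind == "process":
            for algo, digest in SAMPLE_HASHES.items():
                if ev.get(algo, "").lower() == digest:
                    hits["Known sample hash (%s)" % algo].append(i)
            # The parent recorded for the new process is not the process
            # that actually issued the create call: parent PID spoofing.
            creator = ev.get("creator_pid")
            if creator is not None and ev.get("parent_pid") != creator:
                hits["Suspicious use of NtCreateProcessExOtherParentProcess"].append(i)
        elif kind == "registry":
            target = ev["target"].lower()
            if any(r.search(target) for r in GEO_KEY_RES):
                hits["Checks computer location settings"].append(i)
            if UNINSTALL_KEY_RE.search(target):
                hits["Checks installed software on the system"].append(i)
        elif kind == "file":
            path = ev["path"].lower()
            if ev.get("op") == "create":
                written[pid].add(path)
            if any(r.search(path) for r in WALLET_RES):
                hits["Accesses cryptocurrency files/wallets"].append(i)
        elif kind == "image_load":
            # A DLL loaded from a path this same process wrote earlier
            if ev["image"].lower() in written[pid]:
                hits["Loads dropped DLL"].append(i)
        elif kind == "dns":
            if ev["query"].lower().rstrip(".") == C2_HOST:
                hits["Arkei C2 host lookup"].append(i)
        elif kind == "http":
            if ev["url"].lower().startswith(C2_URL):
                hits["Arkei C2 contact"].append(i)
            if ev.get("response_prefix", b"").startswith(b"MZ"):
                hits["Downloads MZ/PE file"].append(i)
    return dict(hits)


# Constructed telemetry for an imagined run of the sample (not from the report)
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "image": r"C:\Users\u\sample.exe",
     "sha256": SAMPLE_HASHES["sha256"], "parent_pid": 4, "creator_pid": 4},
    {"type": "registry", "pid": 100, "op": "query",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "dns", "pid": 100, "query": "file-file-host4.com"},
    {"type": "http", "pid": 100, "url": C2_URL, "method": "POST",
     "response_prefix": b"MZ\x90\x00"},
    {"type": "file", "pid": 100, "op": "create", "path": r"C:\ProgramData\helper.dll"},
    {"type": "image_load", "pid": 100, "image": r"C:\ProgramData\helper.dll"},
    {"type": "registry", "pid": 100, "op": "enum",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"},
    {"type": "file", "pid": 100, "op": "read",
     "path": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"type": "process", "pid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "parent_pid": 4, "creator_pid": 100},
]

if __name__ == "__main__":
    for sig, idx in triage(SAMPLE_EVENTS).items():
        print("%-55s events %s" % (sig, idx))
```

The hash match is the weakest indicator here (a repack changes every digest), so the behavioural rules are the ones worth keeping: the geofence lookup and Uninstall enumeration happen before any stealing, and the dropped-DLL rule needs per-process state (the file-create events) rather than a single-event match.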