General
Target: 7a7a128a51a5e153c55481518bdffe67093e94d99845531918ff50875a13e5fe.exe
Size: 401KB
Sample: 220119-wnemtacbf2
MD5: 07f5f3b04b3997354115cc715febc848
SHA1: 2c4672af8ea071b1ff1d037cbf381dba26fe4250
SHA256: 7a7a128a51a5e153c55481518bdffe67093e94d99845531918ff50875a13e5fe
SHA512: 3cbf8c4fb6dd296826dce5b31e3e0fc23eeaba0d0949334287204ba73ccd01ad81a52ec6d91da0cbd5f4a77d28d20e3dee637110c851dee7e49731075d17255a
Static task: static1
Behavioral task: behavioral1
Sample: 7a7a128a51a5e153c55481518bdffe67093e94d99845531918ff50875a13e5fe.exe
Resource: win7-en-20211208
Malware Config
Extracted: amadey
Version: 2.71
C2:
web.xmlpost.xyz/sj2vMs/index.php
web.jsonpost.xyz/sj2vMs/index.php

Extracted: arkei
Botnet: Default
C2: http://ip.searchforadomainname.xyz/5CZxu3mgkL.php
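The extracted configuration above is the most actionable part of the report: three C2 hosts and their URI paths. The block below is an added example (not part of the sandbox report) that turns those C2 URLs into host/path indicators and matches them against proxy log lines. The log lines are constructed for illustration, and their "timestamp client method url status" layout is an assumption rather than any product's real format; the scheme-less Amadey URLs are assumed to be plain HTTP.

```python
"""Turn the extracted Amadey/Arkei C2 configuration into network indicators
and match them against proxy log lines.

Added example, not part of the sandbox report. The C2 URLs are the ones
extracted on the page; the log lines are constructed and their layout
("<ts> <client_ip> <method> <url> <status>") is an assumption.
"""
from urllib.parse import urlsplit

# Extracted configuration from the report (Amadey's C2 URLs carry no scheme).
EXTRACTED_CONFIG = {
    "amadey": ["web.xmlpost.xyz/sj2vMs/index.php",
               "web.jsonpost.xyz/sj2vMs/index.php"],
    "arkei": ["http://ip.searchforadomainname.xyz/5CZxu3mgkL.php"],
}


def parse_c2(url: str) -> dict:
    """Split a C2 URL into host, port and path, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url  # assumption: scheme-less C2 entries are plain HTTP
    parts = urlsplit(url)
    return {
        "host": (parts.hostname or "").lower(),
        "port": parts.port or (443 if parts.scheme == "https" else 80),
        "path": parts.path or "/",
    }


def build_indicators(config: dict) -> dict:
    """Map each C2 host to its malware family and the URI paths seen in config."""
    indicators = {}
    for family, urls in config.items():
        for url in urls:
            c2 = parse_c2(url)
            entry = indicators.setdefault(c2["host"], {"family": family, "paths": set()})
            entry["paths"].add(c2["path"])
    return indicators


def match_log_lines(lines, indicators) -> list:
    """Return (line_no, client, host, family, path_matched) for each C2 hit.

    A host match alone counts as a hit, so a request to the bare C2 domain
    (for example GET /) is still caught; whether the exact configured path
    was requested is reported as a separate boolean.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip rather than crash the scan
        _ts, client, _method, url, _status = fields[:5]
        c2 = parse_c2(url)
        ind = indicators.get(c2["host"])
        if ind is None:
            continue
        hits.append((n, client, c2["host"], ind["family"], c2["path"] in ind["paths"]))
    return hits


# Constructed proxy log lines (not real traffic): three C2 hits, one benign.
SAMPLE_LOG = [
    "2022-01-19T14:02:11Z 10.0.0.15 POST http://web.xmlpost.xyz/sj2vMs/index.php 200",
    "2022-01-19T14:02:12Z 10.0.0.15 GET http://www.example.com/ 200",
    "2022-01-19T14:02:40Z 10.0.0.15 POST http://ip.searchforadomainname.xyz/5CZxu3mgkL.php 200",
    "2022-01-19T14:03:01Z 10.0.0.22 GET http://WEB.JSONPOST.XYZ/ 404",
]


def scan(lines=SAMPLE_LOG, config=EXTRACTED_CONFIG) -> list:
    """Convenience wrapper: build indicators from config and scan the lines."""
    return match_log_lines(lines, build_indicators(config))


if __name__ == "__main__":
    for hit in scan():
        print(hit)
```

Matching on the host rather than the full URL is deliberate: the URI path in a stealer config is easy for the operator to rotate, while the domain is what the sandbox actually pinned down. Case-insensitive host comparison matters too, as the last constructed line shows.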
Targets
Target: 7a7a128a51a5e153c55481518bdffe67093e94d99845531918ff50875a13e5fe.exe (401KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures
- Arkei Stealer Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext
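Three of the signatures above describe concrete host behaviour that can be re-detected from endpoint telemetry: the registry country-code lookup, the walk over Uninstall subkeys, and wallet file access. The block below is an added example (not part of the sandbox report) of that detection logic run over constructed event lines. The "pid|image|operation|target" layout is an assumed simplification of Sysmon registry and file events, the process name sample.exe is hypothetical, and the registry keys and wallet paths the rules look for are common Windows locations from general knowledge, not values taken from this report.

```python
"""Re-detect three of the report's signatures from endpoint event lines:
geofence registry lookup, Uninstall-key enumeration, wallet file access.

Added example, not part of the sandbox report. Event lines are constructed
in an assumed "pid|image|operation|target" layout; the key and path
markers below are general Windows locations, not values from the report.
"""
from collections import defaultdict

# Assumed indicator locations (general knowledge, not taken from the report).
GEOFENCE_KEYS = (
    "\\control panel\\international\\geo\\nation",  # GeoID (country) of the user
    "\\control panel\\international\\locale",       # user locale, e.g. 0409
)
UNINSTALL_KEY = "\\software\\microsoft\\windows\\currentversion\\uninstall\\"
WALLET_MARKERS = (
    "\\appdata\\roaming\\electrum\\wallets",
    "\\appdata\\roaming\\exodus",
    "\\appdata\\roaming\\ethereum\\keystore",
    "\\appdata\\roaming\\bitcoin\\wallet.dat",
)
# Opening a single Uninstall subkey is normal (installers, explorer); a walk
# over many distinct subkeys by one process is the enumeration signature.
UNINSTALL_THRESHOLD = 5


def parse_event(line: str):
    """Split one constructed event line into (pid, image, operation, target)."""
    pid, image, op, target = line.split("|", 3)
    return int(pid), image, op, target


def detect(events) -> dict:
    """Return {pid: sorted list of signature names} for processes that match a rule."""
    findings = defaultdict(set)
    uninstall_subkeys = defaultdict(set)
    for line in events:
        pid, _image, op, target = parse_event(line)
        t = target.lower()
        if op.startswith("Reg") and any(t.endswith(k) for k in GEOFENCE_KEYS):
            findings[pid].add("Checks computer location settings")
        if op.startswith("Reg") and UNINSTALL_KEY in t:
            # First path component after the Uninstall key is the product subkey.
            subkey = t.split(UNINSTALL_KEY, 1)[1].split("\\", 1)[0]
            if subkey:
                uninstall_subkeys[pid].add(subkey)
        if op.startswith("File") and any(m in t for m in WALLET_MARKERS):
            findings[pid].add("Accesses cryptocurrency files/wallets")
    for pid, subkeys in uninstall_subkeys.items():
        if len(subkeys) >= UNINSTALL_THRESHOLD:
            findings[pid].add("Checks installed software on the system")
    return {pid: sorted(sigs) for pid, sigs in findings.items()}


# Constructed events (not the sample's real trace). PID 4412 is the
# hypothetical malware process; PID 1200 is benign and opens one subkey only.
SAMPLE_IMAGE = "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe"
SAMPLE_EVENTS = [
    f"4412|{SAMPLE_IMAGE}|RegQueryValue|HKU\\S-1-5-21-1\\Control Panel\\International\\Geo\\Nation",
] + [
    f"4412|{SAMPLE_IMAGE}|RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{{PRODUCT-{i}}}"
    for i in range(6)
] + [
    f"4412|{SAMPLE_IMAGE}|FileCreate|C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet",
    "1200|C:\\Windows\\explorer.exe|RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{PRODUCT-0}",
    "1200|C:\\Windows\\explorer.exe|RegQueryValue|HKU\\S-1-5-21-1\\Control Panel\\Desktop\\Wallpaper",
]


if __name__ == "__main__":
    for pid, sigs in detect(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

The geofence and wallet rules fire on a single event because those reads are rarely legitimate for a fresh executable in a temp directory; the Uninstall rule is deliberately counted per process, since any installer or the shell itself will touch one or two of those subkeys.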