General
-
Target
3eac686175e546433351711e778cb3366c5435403edcf09ab39ba4b47f3fd668
-
Size
331KB
-
Sample
220121-f7y8kadhe4
-
MD5
ef2062c8283c0307c0c9d234f8377794
-
SHA1
bc9842c2c7dd54ce04536cddd7948acb4324785a
-
SHA256
3eac686175e546433351711e778cb3366c5435403edcf09ab39ba4b47f3fd668
-
SHA512
16529a322f6e540f24b85ab2301c3b1c4061416eadf4fdc10c68f49d5eb1458488e3dc20750aef7cd8b73e362fadbce7d277b38c9fdbf3852eab4b08b0438300
Static task
static1
Malware Config
Extracted
arkei
Default
http://file-file-host4.com/tratata.php
Targets
-
-
Target
3eac686175e546433351711e778cb3366c5435403edcf09ab39ba4b47f3fd668
-
Size
331KB
-
MD5
ef2062c8283c0307c0c9d234f8377794
-
SHA1
bc9842c2c7dd54ce04536cddd7948acb4324785a
-
SHA256
3eac686175e546433351711e778cb3366c5435403edcf09ab39ba4b47f3fd668
-
SHA512
16529a322f6e540f24b85ab2301c3b1c4061416eadf4fdc10c68f49d5eb1458488e3dc20750aef7cd8b73e362fadbce7d277b38c9fdbf3852eab4b08b0438300
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-