General
-
Target
dd7f271f43129de978f093fe2ba42169a5e04be386521662eeb32113392a2ead
-
Size
331KB
-
Sample
220121-jf3nfsedh5
-
MD5
1e960ffef3a2421075a93b876ec9a5ba
-
SHA1
5cc7605ae64b12424a949fd9a93f7f66e15eab02
-
SHA256
dd7f271f43129de978f093fe2ba42169a5e04be386521662eeb32113392a2ead
-
SHA512
575d3f52b9ba4c8df33abba39169ea6f93553d77133dd90e535ea74cc3771e63c12c42e41b19e30c280ce25bf8061305fc44228c381169fba45442573a331095
Static task
static1
Malware Config
Extracted
arkei
Default
http://file-file-host4.com/tratata.php
Targets
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.