General
- Target: 2cd332a29eddba51b5ffdd06d1b739a54da2dbca8f3b9f603649475b52a04d72
- Size: 332KB
- Sample: 220121-ymmyxabbhp
- MD5: 2c910efc373df0cf22e211cbeb64e31a
- SHA1: 8222cfc2a956a470fbca5f7a034ece5aee95437c
- SHA256: 2cd332a29eddba51b5ffdd06d1b739a54da2dbca8f3b9f603649475b52a04d72
- SHA512: d454f94a8d03d29553b357d3dedb08d3e24694fac3c84cab6ee0181ab7dd79109f9bedfe2232b80c9564359006c7af59bc88845c6c95be97beca61f833a2b6dd
Static task: static1
Malware Config
- Extracted: arkei
- Default: http://file-file-host4.com/tratata.php
Targets
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.