General
Target: a76d798e9ab1d95838c34b48383b489112da731147bc4f0c6244afab039658c6
Size: 282KB
Sample: 220123-pg3mqsgad4
MD5: f38a13df85c9e1d3fbd0842f28b1240e
SHA1: bb73d7d5754b579f0e9b59c382d93a424b13c4c1
SHA256: a76d798e9ab1d95838c34b48383b489112da731147bc4f0c6244afab039658c6
SHA512: b3c2ca9b8e22b7f23cd4bf2117d579b5345cb9ecba5a8d4794f8fc8ac517b2d8977c2de17571ae1cf82900f712a6275e63131e6e5f5da8d261a3016e65b0ccbd
Static task: static1

Malware Config
Extracted: arkei
Default: http://coin-file-file-19.com/tratata.php
Targets
Target: a76d798e9ab1d95838c34b48383b489112da731147bc4f0c6244afab039658c6
Size: 282KB
MD5: f38a13df85c9e1d3fbd0842f28b1240e
SHA1: bb73d7d5754b579f0e9b59c382d93a424b13c4c1
SHA256: a76d798e9ab1d95838c34b48383b489112da731147bc4f0c6244afab039658c6
SHA512: b3c2ca9b8e22b7f23cd4bf2117d579b5345cb9ecba5a8d4794f8fc8ac517b2d8977c2de17571ae1cf82900f712a6275e63131e6e5f5da8d261a3016e65b0ccbd
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.