General
Target: 84d4e0d123226049ca6ef4f945a2debdc54ad24f5122143baef6525f2b6fb6fc
Size: 282KB
Sample: 220123-zkys3agdbm
MD5: 75df4edfc63e3bf63d57f6118eb9f334
SHA1: 55059eb2278babb99534e12a8ae1e48a3d54083b
SHA256: 84d4e0d123226049ca6ef4f945a2debdc54ad24f5122143baef6525f2b6fb6fc
SHA512: 55cb2c5f726866a1adc612c23c99c52fcb0e0db2555a07797627ec052dfa11eb6f09073631c747cbc946e66781df6155ed4b0dbc2df463b3429206ea98d1ddc6
Static task: static1
Malware Config
Extracted: arkei
Default: http://coin-file-file-19.com/tratata.php
Targets
Target: 84d4e0d123226049ca6ef4f945a2debdc54ad24f5122143baef6525f2b6fb6fc
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.