General
Target: 8859630ff0b504126f0e687716c92cb3a11094ec951c088d45c9cbd507dda7bd
Size: 296KB
Sample: 220124-t696bsffd8
MD5: f177ee508b6777a97141836b637d2ba9
SHA1: c0fb60771836f489141ed6d65b86fed6a82227c9
SHA256: 8859630ff0b504126f0e687716c92cb3a11094ec951c088d45c9cbd507dda7bd
SHA512: e9650a94f5ebaa765a007d3968b9f8c257a5194bd28f5ff4e1ac3ef8769acbf34288b21cebadcc9459228129266d17fb828a68a10c6a433838a2e7438b8e7c6e
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Target: 8859630ff0b504126f0e687716c92cb3a11094ec951c088d45c9cbd507dda7bd
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.