General
Target: a0769aecdb322901550e3beef24d0ea64970e93f21745209942f5fc34763f7a3
Size: 296KB
Sample: 220124-yn3ezshfg9
MD5: 9f882556635ee8f19dc54b6630ddd7fd
SHA1: 9c05c56282d902dedfd5022e43fcb67f8e2f6c9d
SHA256: a0769aecdb322901550e3beef24d0ea64970e93f21745209942f5fc34763f7a3
SHA512: 46b20f76a03282dae336f269cfc80e6b0001391bbc18604f9351cea69f5020cbd35223a400958efcf7401b6a804fe4ab0cd3f50f2941e7c4093d073447c40101
Static task: static1
Malware Config
Extracted family: arkei
Config name: Default
C2 URL: http://coin-file-file-19.com/tratata.php
Targets
Target: a0769aecdb322901550e3beef24d0ea64970e93f21745209942f5fc34763f7a3
Size: 296KB
MD5: 9f882556635ee8f19dc54b6630ddd7fd
SHA1: 9c05c56282d902dedfd5022e43fcb67f8e2f6c9d
SHA256: a0769aecdb322901550e3beef24d0ea64970e93f21745209942f5fc34763f7a3
SHA512: 46b20f76a03282dae336f269cfc80e6b0001391bbc18604f9351cea69f5020cbd35223a400958efcf7401b6a804fe4ab0cd3f50f2941e7c4093d073447c40101
Signatures
- Arkei Stealer Payload
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence (the sample deciding whether to run based on the victim machine's configured country).
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
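The extracted C2 URL above and the behaviour signatures in this list can be turned into host-based detection logic. The following is an added example, not code from the sandbox report or from the Arkei malware itself: it maps a minimal, constructed Sysmon-like event stream (a list of dicts with `type`, `process` and a `target`, `path` or `host` field; the schema is an assumption made for this example) onto the signature names used in the report, and flags requests to the host and path taken from the Malware Config section. The registry locations are the standard Windows keys behind each signature; the wallet file names, the dropped DLL name and the service name in the sample events are illustrative assumptions, not observations recorded in the report.

```python
"""Map Sysmon-like events onto the behaviour signatures listed in this report.

Added example. Event schema, sample events, wallet paths, DLL name and
service name are constructed/assumed for illustration; only the C2 URL and
the signature names come from the report.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Taken from the report's Malware Config section.
C2_URL = "http://coin-file-file-19.com/tratata.php"
C2_HOST = urlparse(C2_URL).hostname      # coin-file-file-19.com
C2_PATH = urlparse(C2_URL).path          # /tratata.php

# Standard Windows registry locations behind three of the report's signatures.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
SERVICE_IMAGEPATH = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.I)

# Assumed wallet artefacts a stealer would read (illustrative, not from the report).
WALLET_PATTERNS = re.compile(
    r"(wallet\.dat|\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore\\)", re.I)


def classify(event):
    """Return the set of report signature names that one event satisfies."""
    hits = set()
    kind = event.get("type")
    target = event.get("target", "")
    path = event.get("path", "")
    if kind == "RegistryValueSet" and SERVICE_IMAGEPATH.search(target):
        hits.add("Sets service image path in registry")
    if kind == "RegistryQuery" and GEO_KEY.search(target):
        hits.add("Checks computer location settings")
    if kind == "RegistryEnum" and UNINSTALL_KEY.search(target):
        hits.add("Checks installed software on the system")
    if kind == "FileRead" and WALLET_PATTERNS.search(path):
        hits.add("Accesses cryptocurrency files/wallets")
    if kind == "ImageLoad" and event.get("dropped"):
        hits.add("Loads dropped DLL")
    if kind == "HttpResponse" and event.get("body_prefix", b"").startswith(b"MZ"):
        hits.add("Downloads MZ/PE file")
    if (kind == "HttpRequest"
            and (event.get("host") or "").lower() == C2_HOST
            and event.get("path") == C2_PATH):
        hits.add("Arkei C2 check-in")
    return hits


def triage(events):
    """Tally signature hits per process; processes with no hits are omitted."""
    per_process = {}
    for ev in events:
        hits = classify(ev)
        if hits:
            per_process.setdefault(ev["process"], Counter()).update(hits)
    return per_process


def is_stealer_like(tally):
    """Heuristic: a geofence check combined with wallet access or C2 contact."""
    return ("Checks computer location settings" in tally and
            ("Accesses cryptocurrency files/wallets" in tally
             or "Arkei C2 check-in" in tally))


# Constructed sample events approximating the behaviours in the report.
SAMPLE_EVENTS = [
    {"type": "RegistryQuery", "process": "sample.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegistryEnum", "process": "sample.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "FileRead", "process": "sample.exe",
     "path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "HttpRequest", "process": "sample.exe",
     "host": "coin-file-file-19.com", "path": "/tratata.php"},
    {"type": "HttpResponse", "process": "sample.exe",
     "host": "coin-file-file-19.com", "body_prefix": b"MZ\x90\x00"},
    {"type": "ImageLoad", "process": "sample.exe",
     "path": r"C:\ProgramData\sqlite3.dll", "dropped": True},   # assumed DLL name
    {"type": "RegistryValueSet", "process": "sample.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\UpdSvc\ImagePath"},  # assumed service
    {"type": "RegistryQuery", "process": "explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},  # benign noise
]

if __name__ == "__main__":
    for proc, tally in triage(SAMPLE_EVENTS).items():
        print(proc, "stealer-like" if is_stealer_like(tally) else "", dict(tally))
```

The geofence lookup on its own is weak evidence (locale-aware installers read the same key), which is why `is_stealer_like` only fires when it co-occurs with wallet access or a request to the extracted C2 host from the same process.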