General
Target: dd4f47fb16e8d7f170e792920276ab729d60701707dd2d9235ae04645733f28a
Size: 350KB
Sample: 220125-hlqqeaafcm
MD5: 44f03a6891ee932a2756cb2352c9d73b
SHA1: bb8bab41b57393967f947d1896a62d2f2bdc3627
SHA256: dd4f47fb16e8d7f170e792920276ab729d60701707dd2d9235ae04645733f28a
SHA512: 6c845487ca80aad39ca78382ba9809439234a365116b12cb26251209526e281858c58c567b35ee1cbc2596af88f6a928926e44de09a75fd876f246ee035a8631
Static task: static1

Malware Config
Extracted family: arkei
Profile: Default
C2 URL: http://coin-file-file-19.com/tratata.php
Targets
Target: dd4f47fb16e8d7f170e792920276ab729d60701707dd2d9235ae04645733f28a (350KB; same file, with the MD5, SHA1 and SHA512 values listed under General above)
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.