General
Target: 2b2ec30a2bf1c7166055e754a04c6ecf
Size: 1.7MB
Sample: 220126-2kdt1abdak
MD5: 2b2ec30a2bf1c7166055e754a04c6ecf
SHA1: c4d2b04eab134dd058994633765410d9aefbe837
SHA256: 74fad8e9b1a82d813dd72fce23abdc2d3819496750910c6cdcd70d7398831e2c
SHA512: 18642acdb1231b79112f66b06e47dee922eae4ed89a9cb00227e636833e76416023efd54c2e2728fe179659e796844fb545168248811fc2e823dc38e78e96f3e
Static task: static1
Behavioral task: behavioral1
Sample: 2b2ec30a2bf1c7166055e754a04c6ecf.exe
Resource: win7-en-20211208
Malware Config
Extracted: arkei
Default: http://37.252.15.126/dhbUc2MgYS.php
Targets
Target: 2b2ec30a2bf1c7166055e754a04c6ecf
Size: 1.7MB
MD5: 2b2ec30a2bf1c7166055e754a04c6ecf
SHA1: c4d2b04eab134dd058994633765410d9aefbe837
SHA256: 74fad8e9b1a82d813dd72fce23abdc2d3819496750910c6cdcd70d7398831e2c
SHA512: 18642acdb1231b79112f66b06e47dee922eae4ed89a9cb00227e636833e76416023efd54c2e2728fe179659e796844fb545168248811fc2e823dc38e78e96f3e
- Arkei Stealer Payload
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger