General
Target: 8b5c128b8a6f81a45ab854d84cac5b1df5e9779d5c45ceeda8f89b5e93b76a7f
Size: 337KB
Sample: 220126-qm6r1sdbbl
MD5: 660954e6633c10c808ff839617437e90
SHA1: 31eccf7404608fa5f8b80ca14874782ac4fc7bab
SHA256: 8b5c128b8a6f81a45ab854d84cac5b1df5e9779d5c45ceeda8f89b5e93b76a7f
SHA512: a2b4e72df85f44f886796919b1f9b6387e52823dddfc77406eaf430f4490ae95d71513750b2fbe676a68b0ff6c816585366678fc71ab8f46296ebcb0411590b4
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.