General
Target: 438acfda9ebe75b126a2100b2492d3bcd42ed63808fa17a18fd944ff0a2486c6
Size: 350KB
Sample: 220126-r8bdnseec7
MD5: 3e80e94c1d7f450368170229f9c3883f
SHA1: ac8904a52d7ee81153b64139f329f35a43fec7b3
SHA256: 438acfda9ebe75b126a2100b2492d3bcd42ed63808fa17a18fd944ff0a2486c6
SHA512: 74d6ed67a2f31091c4a3c05ecd034cf897ace203469099d5a680fe60647d4a17572a8d390cad2f52a9f8c61a684c2cc0224eb89f50d8d8be480e9c392c655c9b
Static task: static1
Behavioral task: behavioral1
Sample: 438acfda9ebe75b126a2100b2492d3bcd42ed63808fa17a18fd944ff0a2486c6.exe
Resource: win7-en-20211208
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.