General
Target: 728ea8a079304738242507b06624250b.exe
Size: 336KB
Sample: 220126-rc975adhh5
MD5: 728ea8a079304738242507b06624250b
SHA1: 738d80874e0d46f910482c7291eb6db07692de23
SHA256: 0b32637010737e98ee8d1eb73537d7747d870e44e4c5e17d7ea562cf71605da8
SHA512: 04c6c8eb98ac610c3c08ff6dd09c272f416c764f6d551de59e259ec9348aac067f07323ecb8a532e6cccc4dcea232471e3e59bd92d56096b5b9ef9e8998c8108
Static task: static1
Behavioral task: behavioral1
Sample: 728ea8a079304738242507b06624250b.exe
Resource: win7-en-20211208
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Target
728ea8a079304738242507b06624250b.exe
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-