General
Target: 54118ae981704768ef3943c42818b758.exe
Size: 337KB
Sample: 220126-s1mx6sefaj
MD5: 54118ae981704768ef3943c42818b758
SHA1: 34268c031520d25d4be5df04b3b56bc5939d3b20
SHA256: e213fa14a7be007721a2d90d1b367827a4570493903b202b858f6fa9c89afede
SHA512: 473149791007add30cd8442aafcc99297021782d120c18584dee68280987bde2aeed0d929699094a3b4f9b4faee725c6b13c3b0aada63eef17d1da5d95fedd27
Static task: static1
Behavioral task: behavioral1
Sample: 54118ae981704768ef3943c42818b758.exe
Resource: win7-en-20211208
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Arkei Stealer Payload
Downloads MZ/PE file
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.