General
- Target: e4ac9892d0f99b837a2ab6719f53dbe83db91e29b37e686826fc2ff4e2110d3a
- Size: 360KB
- Sample: 220126-y9mawsadd3
- MD5: c691378d7416166cca00f1ebd9e48eb1
- SHA1: 039fd86ac28a166a50e63329b39c875416365fbb
- SHA256: e4ac9892d0f99b837a2ab6719f53dbe83db91e29b37e686826fc2ff4e2110d3a
- SHA512: 3664cc47a6f1fe7388608d29d9939d46c37e4b69d8ddbe6f487d8ac7804d0c2d2e5b4b92e96921787763e2ca65199d9a2467d5e2f6dcb7abd9ba80b17c941178
Static task: static1
Malware Config (extracted)
- Family: arkei
- Default: http://coin-file-file-19.com/tratata.php
Targets
- Target: e4ac9892d0f99b837a2ab6719f53dbe83db91e29b37e686826fc2ff4e2110d3a
- Size: 360KB
- MD5: c691378d7416166cca00f1ebd9e48eb1
- SHA1: 039fd86ac28a166a50e63329b39c875416365fbb
- SHA256: e4ac9892d0f99b837a2ab6719f53dbe83db91e29b37e686826fc2ff4e2110d3a
- SHA512: 3664cc47a6f1fe7388608d29d9939d46c37e4b69d8ddbe6f487d8ac7804d0c2d2e5b4b92e96921787763e2ca65199d9a2467d5e2f6dcb7abd9ba80b17c941178
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.