General
- Target: 95a37423a8bd099f4f3d9a976345130b2949122f653ed5958f47aedb74070992
- Size: 274KB
- Sample: 220127-dyp77aegdp
- MD5: 5b6f7a663dd0a1cb4577ff3aac192489
- SHA1: fb4e6ca79a20abc8768d49b238620d2db2697278
- SHA256: 95a37423a8bd099f4f3d9a976345130b2949122f653ed5958f47aedb74070992
- SHA512: 11ba45277a9723bb1bbb14b15361238665cbb33f8811c1285be54c8b2d9c3db9088a05efbb966ee48e9fab2d1bac022e5c75f3ba8176c9743a2269c629cec8ef
Static task: static1
Malware Config
- Extracted: arkei
- Default: http://coin-file-file-19.com/tratata.php
Targets
- Arkei Stealer Payload
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.