General
- Target: e7cd5251460ece03498f3b615864cfe9ee6da0addf0a3a6eda6d777185dcb888
- Size: 274KB
- Sample: 220127-fv1kvsgbcj
- MD5: d8b4f17ef642b437253a28ec3cd3e650
- SHA1: 8a61d01b971185bc56e4a26cfcd8e1862f674ba2
- SHA256: e7cd5251460ece03498f3b615864cfe9ee6da0addf0a3a6eda6d777185dcb888
- SHA512: 25e0bf1d80cbfea57f0886b75233a27d4c4c9a8140b51ff0ed1b415f83989d4420fc90650335778f399334be8c4aef33afbd6ce6e507466a7870c5ae7cf46639
Static task
- static1

Malware Config
Extracted
- Family: arkei
- Default: http://coin-file-file-19.com/tratata.php
Targets
- Target: e7cd5251460ece03498f3b615864cfe9ee6da0addf0a3a6eda6d777185dcb888 (size and hashes as listed under General)
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.