General
Target: 5a38f9235cf5744450afed13e0545798d8be7de8191ef91bf40b4125e5ae0445
Size: 274KB
Sample: 220127-hbcqssghcl
MD5: 6f4d364ef1158c81a4a360c9d5e6b94e
SHA1: 5ac98de59631c198faa58300fbda535f8a7f65b2
SHA256: 5a38f9235cf5744450afed13e0545798d8be7de8191ef91bf40b4125e5ae0445
SHA512: 610dfa2040b6f302471806fce3a881ce8483a22d8a5fae699e9759869f6680098c3982a8bead678958df944c39e4879e18cdf62f5de2fee83668c35e8ba8571a
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.