General
- Target: 65a9662ebb3100a126e4ebdffce69aa9b687895fbd536b452ea33ef24001b7e1
- Size: 224KB
- Sample: 220127-qew8lsdbgq
- MD5: f653bf83af0523c4039220c608e147d3
- SHA1: b225250a98984ac79f12a07f99eeb3280cbc5ac1
- SHA256: 65a9662ebb3100a126e4ebdffce69aa9b687895fbd536b452ea33ef24001b7e1
- SHA512: 5d659848c545680b269ffb95b18018164e9ba4925c6a3a1dc0a0f6809a402f21cbd0f8eb816b780c53fcabe5fed82a7de24cf1e2431241bd931cb4daad2dbb76
Static task: static1

Malware Config
- Extracted family: arkei
- Default C2: http://coin-file-file-19.com/tratata.php
Targets
- Target: 65a9662ebb3100a126e4ebdffce69aa9b687895fbd536b452ea33ef24001b7e1
- Size: 224KB
- MD5: f653bf83af0523c4039220c608e147d3
- SHA1: b225250a98984ac79f12a07f99eeb3280cbc5ac1
- SHA256: 65a9662ebb3100a126e4ebdffce69aa9b687895fbd536b452ea33ef24001b7e1
- SHA512: 5d659848c545680b269ffb95b18018164e9ba4925c6a3a1dc0a0f6809a402f21cbd0f8eb816b780c53fcabe5fed82a7de24cf1e2431241bd931cb4daad2dbb76
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.