General
Target: 0e454be4c70424c9f190e19e61a77dd6e92070b61e9c771d465a6526ac4eb91f
Size: 223KB
Sample: 220127-wjfpbagfem
MD5: b75a15067d33f8d984d3da5936186378
SHA1: ae4666eb4bca49eefa850f856e8eaef01a101547
SHA256: 0e454be4c70424c9f190e19e61a77dd6e92070b61e9c771d465a6526ac4eb91f
SHA512: 85952c5d8985155c229d32251156b26a9da08bd237c17b609c6d61f3b68f6514dabe9d370333ded528c2ed57047c639c25388f158f98b74e6bbf091d7694cd44
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.