General
Target: 1a1a75c6f8de15548987c977abcb3631e784983c190c7a2e56505fbd58e949e7
Size: 355KB
Sample: 220128-pa47zscgf5
MD5: 0d7d4b5a053ac0bdaa6027944168b204
SHA1: d935262da425ef47027c729cfcd6570be1640937
SHA256: 1a1a75c6f8de15548987c977abcb3631e784983c190c7a2e56505fbd58e949e7
SHA512: 147d253d4847c5d4bbec93f4c6d9f2c46accf14124ec5e7d6ce6f7ef4cdfddec8bb2d1cd9ee54a149c3b4d29e06d71d36f13632d1970c6ffca5c994d20ab4b31
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.