General
- Target: 499e0ab1477c68445dda434acc4ac3c2869afb7fb2b3fc14516050c08e90edd0
- Size: 356KB
- Sample: 220128-tneayagddp
- MD5: bce7dcdbad5a0308045f6d3747d464ac
- SHA1: aa863a34963ea7d4e716adb9a3a2c38bc2594991
- SHA256: 499e0ab1477c68445dda434acc4ac3c2869afb7fb2b3fc14516050c08e90edd0
- SHA512: 060d9eb6c56c9e3fd2af9aee271fdd4dd1bcdab2933c58a01f29fbf56e3a75d56a07d459658ac416e53c216e2cb6bc6649c73ba74a2f39ce05bce37cdcdbb8f5
Static task
- static1

Malware Config
- Extracted: arkei
- Default: http://coin-file-file-19.com/tratata.php
Targets
- Target: 499e0ab1477c68445dda434acc4ac3c2869afb7fb2b3fc14516050c08e90edd0
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.