General
-
Target
72a9ea2cd7ff475e7a4b3d955ca65ee2bf7a5cdda90addac27b7739a70fcaa8e
-
Size
324KB
-
Sample
220129-29zsrsbgf5
-
MD5
2ac85ce28029c75d48908372f0a48c48
-
SHA1
ee5f60718e4fd4e83388d3504a9144039dd4754e
-
SHA256
72a9ea2cd7ff475e7a4b3d955ca65ee2bf7a5cdda90addac27b7739a70fcaa8e
-
SHA512
d4108237f4381dd2f47fbe9c389e06e7e567d4ed3f05bab7ce12a23886800c3923c47710a2332ec254105137a5c42cafaef4745df04623e19d39cceb820a33c9
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-