General
Target: ede060b17600f8c8072bc1441433d74fec520769a14f0a95017ab756f942a3a3
Size: 324KB
Sample: 220130-ceasqadeh4
MD5: 167ec6f99aeaf289c9583e093239b3b4
SHA1: 205b8f6b9e2acdc1796143f8a8a836024f0c3260
SHA256: ede060b17600f8c8072bc1441433d74fec520769a14f0a95017ab756f942a3a3
SHA512: e7cbe3ee084bb27398cdccd05a97c04b7768ea82358537153654fb73b717b6263eb877998445f3fac547ef6c0708f2f0354cb7208b8dc48f594bdd8641468f70
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Target
ede060b17600f8c8072bc1441433d74fec520769a14f0a95017ab756f942a3a3
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.