General
Target: 512b0344c289808871d294c5b0cb9c64f58f57734a392bf58d2c7b7562e65e82
Size: 264KB
Sample: 220131-m2x7mshfc8
MD5: 01e50b95c50cf4fe6f257712b933f68e
SHA1: b6a4949b5a3e406893e3d20eee71050914cda1cf
SHA256: 512b0344c289808871d294c5b0cb9c64f58f57734a392bf58d2c7b7562e65e82
SHA512: aba52c979e2c77c081b8ad536b75307929e2deb79ffe3e4834367a8f632dca98a01887908ea2ff166e88255c1fc46191c1a193d48ace07bef77f819da5edc902
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Target
512b0344c289808871d294c5b0cb9c64f58f57734a392bf58d2c7b7562e65e82
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.