General
- Target: a40f1495f3359b052b774d004972075d8f9aff4aec8cf480d8fb40a6ec43c0fa
- Size: 309KB
- Sample: 220201-fxagfshgg9
- MD5: 2d72bace12cee0e38d07b057fe1aa88f
- SHA1: add3d2b35c75e2fde684d35386df654526619e9e
- SHA256: a40f1495f3359b052b774d004972075d8f9aff4aec8cf480d8fb40a6ec43c0fa
- SHA512: 5467a06da4d8685a91e406dbcca589fa9fc4935e56ee610bfdd626af92204e096824ecb91a18362db32a439bcc8796537bf87444796d1c5b64b7a4d44b06d75a
Static task: static1

Malware Config
- Extracted: arkei
- Default: http://coin-file-file-19.com/tratata.php
Targets
- Target: a40f1495f3359b052b774d004972075d8f9aff4aec8cf480d8fb40a6ec43c0fa
- Size: 309KB
- MD5: 2d72bace12cee0e38d07b057fe1aa88f
- SHA1: add3d2b35c75e2fde684d35386df654526619e9e
- SHA256: a40f1495f3359b052b774d004972075d8f9aff4aec8cf480d8fb40a6ec43c0fa
- SHA512: 5467a06da4d8685a91e406dbcca589fa9fc4935e56ee610bfdd626af92204e096824ecb91a18362db32a439bcc8796537bf87444796d1c5b64b7a4d44b06d75a
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.