General
Target: 81046b6948cd3b8ca105c0580b8aecabaff132161125328e49925570b6b22b80
Size: 313KB
Sample: 220201-jr41nabbcm
MD5: 8b79cf3ceddeadd4327f04a9fc8f9842
SHA1: 01f6b944940c56512667fa834edbaf2bad42fbaf
SHA256: 81046b6948cd3b8ca105c0580b8aecabaff132161125328e49925570b6b22b80
SHA512: 0c06f7d4e86f7b12db4dff1aaccc0fba94a1c46fca6ec376eb6f093f76c7f5d6d4f0ee4b056b69321a368895033106d4f109de8550da76969b458881ee9d0151
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.