General
Target: 35bafe562516c8e3f4e82a001853a69c.exe
Size: 278KB
Sample: 220417-qtk4wshgd3
MD5: 35bafe562516c8e3f4e82a001853a69c
SHA1: 322dd66527ab45ef36b8c154666c19d7c4d2437e
SHA256: aab5eabe9085d1c68f1164bad7597dde2068d9a5fbe8f3335954f5705b1b0e91
SHA512: 0411da72f8dcd963a1d06202f3172af35172edaa0609113b13b3f30413d91b65c642a4037188ae4fce74f3a312217e074370c4dba1e7293345baf352b0d4dee3
Static task: static1
Behavioral task: behavioral1
Sample: 35bafe562516c8e3f4e82a001853a69c.exe
Resource: win7-20220414-en
Malware Config
Extracted family: arkei
Default (C2 URL): http://cheapf.link/48484.php
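The hashes and the extracted C2 URL above are the report's indicators. The following is an added example (not part of the Triage report and not the sandbox's own code) that turns them into an offline check: it recomputes the four digests for a file's bytes, compares them to the report, and hunts a proxy access log for the C2 domain. The IOC values are copied from the report; the Squid-style log format, the log lines and the rule that any subdomain of the C2 host counts as a hit are constructed assumptions.

```python
"""Added example, not part of the Triage report: turn the report's IOCs into
an offline check.  The IOC values are copied from the report; the proxy log
format, the log lines and the subdomain rule are constructed assumptions."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report above.
C2_URL = "http://cheapf.link/48484.php"
REPORT_HASHES = {
    "md5": "35bafe562516c8e3f4e82a001853a69c",
    "sha1": "322dd66527ab45ef36b8c154666c19d7c4d2437e",
    "sha256": "aab5eabe9085d1c68f1164bad7597dde2068d9a5fbe8f3335954f5705b1b0e91",
    "sha512": "0411da72f8dcd963a1d06202f3172af35172edaa0609113b13b3f30413d91b65c642a4037188ae4fce74f3a312217e074370c4dba1e7293345baf352b0d4dee3",
}
C2_HOST = urlsplit(C2_URL).hostname  # "cheapf.link"


def hashes_of(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report; a repacked build fails all four."""
    return {name: digest == REPORT_HASHES[name] for name, digest in hashes_of(data).items()}


def host_matches(host: str) -> bool:
    """Assumption: treat the C2 host and any subdomain of it as hostile."""
    host = host.lower().rstrip(".")
    return host == C2_HOST or host.endswith("." + C2_HOST)


# Squid native access log: time elapsed client code/status bytes method url ...
LOG_RE = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\S+\s+\d+\s+(\S+)\s+(\S+)")


def find_c2_hits(lines):
    """Return (client, method, url, exact_gate) for every line touching the C2 domain."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, url = m.groups()
        # CONNECT lines carry "host:port" with no scheme; add one so urlsplit parses it.
        parts = urlsplit(url if "://" in url else "http://" + url)
        if parts.hostname and host_matches(parts.hostname):
            hits.append((client, method, url, url == C2_URL))
    return hits


# Constructed log lines for this example (not from the report's sandbox run).
SAMPLE_LOG = [
    "1650201000.123    120 10.0.0.7 TCP_MISS/200 512 GET http://cheapf.link/48484.php - HIER_DIRECT/203.0.113.9 text/html",
    "1650201001.456     15 10.0.0.7 TCP_MISS/200 2048 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html",
    "1650201002.789     30 10.0.0.8 TCP_TUNNEL/200 900 CONNECT cdn.cheapf.link:443 - HIER_DIRECT/203.0.113.9 -",
]

if __name__ == "__main__":
    for client, method, url, exact in find_c2_hits(SAMPLE_LOG):
        print(f"{client} {method} {url}{'  <- report C2 gate' if exact else ''}")
    print(matches_report(b"not the sample"))
```

The file hashes pin down this one build only; stealer samples are routinely repacked per campaign, so the C2 domain is the more durable indicator, which is why the log hunt matches on the host rather than on the full URL and reports the exact gate path separately.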
Targets
Target: 35bafe562516c8e3f4e82a001853a69c.exe
Size: 278KB
MD5, SHA1, SHA256, SHA512: as listed under General
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample can abort on victims in regions it does not want to infect).
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: SetThreadContext rewrites another thread's register state; outside a debugger it is mostly seen in process hollowing and similar injection.
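The signature list above names behaviours but not the registry keys, paths or API calls behind them. The following is an added example (not part of the Triage report and not the sandbox's own detection code) that maps sandbox API-call trace lines onto those six signatures, including the stateful case of a DLL that is written by the process and loaded later. The trace format (pid|api|argument), the trace lines and every indicator used (the Geo registry key, the Uninstall key, the wallet paths, the self-delete command line) are constructed assumptions about what such a run would show.

```python
"""Added example, not part of the Triage report: map sandbox API-call trace
lines onto the behaviours the report lists for behavioral1.  The trace format
(pid|api|argument), the trace lines themselves and every registry path, file
path and API name used as an indicator are constructed assumptions; the report
names the behaviours but none of the underlying keys or paths."""
import re
from collections import defaultdict

SAMPLE_NAME = "35bafe562516c8e3f4e82a001853a69c.exe"  # from the report

# Assumed indicators behind each reported signature.
GEO_KEY = re.compile(r"control panel\\international\\geo", re.I)   # HKCU GeoID (Nation)
UNINSTALL_KEY = re.compile(r"\\currentversion\\uninstall", re.I)   # installed-software list
WALLET_PATH = re.compile(r"wallet\.dat$|\\exodus\\|\\electrum\\", re.I)
REG_READ_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW", "RegEnumValueW"}
FILE_OPEN_APIS = {"CreateFileW", "NtCreateFile"}
LOAD_APIS = {"LoadLibraryW", "LoadLibraryExW"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread"}


def parse(line: str):
    pid, api, arg = line.split("|", 2)
    return int(pid), api, arg


def triage(lines, sample_name: str = SAMPLE_NAME) -> dict:
    """Return {signature name: [evidence lines]} for the behaviours found in the trace."""
    hits = defaultdict(list)
    written = set()  # paths written earlier; a later LoadLibrary of one is a dropped DLL
    for line in lines:
        _pid, api, arg = parse(line)
        low = arg.lower()
        if api in REG_READ_APIS and GEO_KEY.search(arg):
            hits["Checks computer location settings"].append(line)
        if api in REG_READ_APIS and UNINSTALL_KEY.search(arg):
            hits["Checks installed software on the system"].append(line)
        if api in FILE_OPEN_APIS and WALLET_PATH.search(arg):
            hits["Accesses cryptocurrency files/wallets"].append(line)
        if api == "WriteFile":
            written.add(low)
        if api in LOAD_APIS and low in written:
            hits["Loads dropped DLL"].append(line)
        if api in CONTEXT_APIS:
            hits["Suspicious use of SetThreadContext"].append(line)
        # Self-delete via a child shell that deletes the sample's own path.
        if api == "CreateProcessW" and re.search(r"\bdel\b", low) and sample_name.lower() in low:
            hits["Deletes itself"].append(line)
    return dict(hits)


# Constructed trace for this example (raw strings so the backslashes survive).
TRACE = [
    r"2844|CreateFileW|C:\Users\Admin\AppData\Local\Temp\helper.dll",
    r"2844|WriteFile|C:\Users\Admin\AppData\Local\Temp\helper.dll",
    r"2844|LoadLibraryW|C:\Users\Admin\AppData\Local\Temp\helper.dll",
    r"2844|LoadLibraryW|C:\Windows\System32\wininet.dll",
    r"2844|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation",
    r"2844|RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName",
    r"2844|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"2844|CreateFileW|C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco",
    r"2844|CreateFileW|C:\Users\Admin\AppData\Roaming\Bitcoin\wallet.dat",
    r"2844|SetThreadContext|tid=1200",
    r'2844|CreateProcessW|cmd.exe /c timeout 3 & del "C:\Users\Admin\AppData\Local\Temp\35bafe562516c8e3f4e82a001853a69c.exe"',
]

if __name__ == "__main__":
    for name, evidence in triage(TRACE).items():
        print(f"{name}: {len(evidence)} event(s)")
        for ev in evidence:
            print("   ", ev)
```

The registry lookups behind the first and fifth signatures are reads (RegQueryValueEx, RegEnumKeyEx), which Sysmon does not record; a user-mode API trace from a sandbox or kernel registry ETW is needed to see them. The system DLL load in the trace is deliberately not flagged: only a library the process itself wrote earlier counts as "dropped".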