General
Target: 0b4c35d12d6472f69dd06ccdba38802fceba972c397f7eca17b16e0aabab60db
Size: 271KB
Sample: 220419-jqy31sdhe4
MD5: 214e6795f6b2f271485a9678856ab69b
SHA1: 4ec3cea82374ee9d210099b499229266f8d25bdf
SHA256: 0b4c35d12d6472f69dd06ccdba38802fceba972c397f7eca17b16e0aabab60db
SHA512: 2b0e5fdf47872fd874308d3197c3aa95d60636cc5be698a674e3601afc4099025a537cf1b101e6ab377c0cce384014236dc5a0ab718c46ca648838e90d91617b
Static task: static1
Behavioral task: behavioral1
Sample: 0b4c35d12d6472f69dd06ccdba38802fceba972c397f7eca17b16e0aabab60db.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: arkei
Botnet: Default
C2: http://jsdkci.link/588711.php
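The hashes and the C2 URL above are the indicators this report yields. As an added example, not code from the report or from the sandbox, the following Python checks that each listed hash is well-formed for its algorithm, that the Target field really is the SHA-256 (the field Triage names the sample by), splits the C2 URL into the parts a block list needs, and tests whether a file image on hand is this sample. The IOC values are copied from the report; the function and variable names are assumptions of this example.

```python
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above. Nothing here is invented except
# the dictionary key names used to label them.
REPORT_IOCS = {
    "target": "0b4c35d12d6472f69dd06ccdba38802fceba972c397f7eca17b16e0aabab60db",
    "md5": "214e6795f6b2f271485a9678856ab69b",
    "sha1": "4ec3cea82374ee9d210099b499229266f8d25bdf",
    "sha256": "0b4c35d12d6472f69dd06ccdba38802fceba972c397f7eca17b16e0aabab60db",
    "sha512": "2b0e5fdf47872fd874308d3197c3aa95d60636cc5be698a674e3601afc4099025a537cf1b101e6ab377c0cce384014236dc5a0ab718c46ca648838e90d91617b",
    "c2_url": "http://jsdkci.link/588711.php",
}

# Hex-digit count each digest algorithm produces.
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(iocs):
    """Map each hash name to True only if the value is lowercase hex of the
    length its algorithm produces; a copy/paste error shows up as False."""
    result = {}
    for name, length in HEX_LENGTHS.items():
        value = iocs.get(name, "")
        result[name] = len(value) == length and all(c in "0123456789abcdef" for c in value)
    return result


def target_matches_sha256(iocs):
    """Triage names the target by its SHA-256; confirm the two fields agree
    before copying the indicators into a block list or ticket."""
    return iocs["target"].lower() == iocs["sha256"].lower()


def c2_components(url):
    """Split the C2 URL into the parts a DNS sink, proxy rule or IDS
    signature needs: scheme, host, effective port and path."""
    p = urlparse(url)
    default_port = 443 if p.scheme == "https" else 80
    return {"scheme": p.scheme, "host": p.hostname, "port": p.port or default_port, "path": p.path}


def digests_of(data):
    """Compute the same four digests the report lists for an in-memory file image."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LENGTHS}


def matches_report(data, iocs=REPORT_IOCS):
    """Return the algorithms under which `data` equals the reported sample.
    An empty list means the file is not this sample (or not this build)."""
    digests = digests_of(data)
    return [name for name in HEX_LENGTHS if digests[name] == iocs[name].lower()]


if __name__ == "__main__":
    print(validate_hashes(REPORT_IOCS))
    print(target_matches_sha256(REPORT_IOCS))
    print(c2_components(REPORT_IOCS["c2_url"]))
    # To test a real file: matches_report(open("suspect.exe", "rb").read())
```

Because the self-deletion signature below means the binary may be gone from an infected host, `matches_report` is most useful against a copy recovered from a sandbox, mail gateway or backup; a single matching algorithm is sufficient evidence, since all four digests are computed over the same bytes.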
Targets
Target: 0b4c35d12d6472f69dd06ccdba38802fceba972c397f7eca17b16e0aabab60db
Size: 271KB
MD5: 214e6795f6b2f271485a9678856ab69b
SHA1: 4ec3cea82374ee9d210099b499229266f8d25bdf
SHA256: 0b4c35d12d6472f69dd06ccdba38802fceba972c397f7eca17b16e0aabab60db
SHA512: 2b0e5fdf47872fd874308d3197c3aa95d60636cc5be698a674e3601afc4099025a537cf1b101e6ab377c0cce384014236dc5a0ab718c46ca648838e90d91617b
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence, i.e. the sample decides whether to proceed based on the victim machine's configured region.
- Deletes itself: removes its own executable after running, so the binary may be absent from disk on an infected host; the sandbox copy identified by the hashes above is then the reference artifact.
- Loads dropped DLL: loads a DLL that the sample itself wrote to disk during execution rather than a library shipped with the system.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: the API is used legitimately by debuggers, but in a stealer it usually indicates process hollowing or a similar injection, where a suspended child's thread context is rewritten to point at injected code. Treat it as a heuristic that supports the other signatures, not as proof of injection on its own.
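The behaviours above are the sandbox's signature names. As an added example, not the sandbox's own detection logic, the Python below shows how such labels can be derived from an API-call trace of the kind a sandbox or API monitor produces. The trace, its (api, argument) tuple format, the sample path and the list of wallet directories are all constructed assumptions of this example; the two registry paths are the standard Windows locations for the user's GeoID (Control Panel\International\Geo) and for installed-program entries (CurrentVersion\Uninstall). It also encodes the caveat from the last signature: SetThreadContext is flagged only when it follows a CREATE_SUSPENDED process creation (the hollowing shape), not on its own.

```python
import re
from collections import defaultdict

# Constructed trace in a hypothetical (api, argument) format. It is NOT the
# sandbox's log; it is shaped to exercise each signature listed in the report.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
TRACE = [
    ("RegOpenKeyExW", r"HKEY_CURRENT_USER\Control Panel\International\Geo"),
    ("RegQueryValueExW", "Nation"),
    ("RegOpenKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("RegEnumKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ("CreateFileW", r"C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("CreateFileW", r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    ("WriteFile", r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    ("LoadLibraryW", r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    ("CreateProcessW", r"C:\Windows\System32\svchost.exe CREATE_SUSPENDED"),
    ("SetThreadContext", "thread 0x1a4"),
    ("ShellExecuteW", 'cmd.exe /c timeout 3 & del "' + SAMPLE_PATH + '"'),
]

GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall", re.I)
# Assumed wallet directory names; a real rule set would carry a longer list.
WALLET_DIRS = re.compile(r"\\(Electrum|Exodus|Ethereum)\\", re.I)
DEL_COMMAND = re.compile(r"\bdel\b", re.I)


def classify(trace, sample_path):
    """Return {signature name: [trace indices that triggered it]} for the
    signatures this report lists. Stateful checks: a DLL counts as "dropped"
    only if the trace wrote it earlier, and SetThreadContext is suspicious
    only after a CREATE_SUSPENDED child exists (hollowing pattern)."""
    hits = defaultdict(list)
    written = set()            # paths this process wrote, lowercased
    suspended_child = False    # seen CreateProcess with CREATE_SUSPENDED
    for i, (api, arg) in enumerate(trace):
        if api.startswith("Reg") and GEO_KEY.search(arg):
            hits["Checks computer location settings"].append(i)
        if api.startswith("Reg") and UNINSTALL_KEY.search(arg):
            hits["Checks installed software on the system"].append(i)
        if api.startswith("CreateFile") and WALLET_DIRS.search(arg):
            hits["Accesses cryptocurrency files/wallets"].append(i)
        if api == "WriteFile":
            written.add(arg.lower())
        if api.startswith("LoadLibrary") and arg.lower() in written:
            hits["Loads dropped DLL"].append(i)
        if api.startswith("CreateProcess") and "CREATE_SUSPENDED" in arg:
            suspended_child = True
        if api == "SetThreadContext" and suspended_child:
            hits["Suspicious use of SetThreadContext"].append(i)
        if (api in ("ShellExecuteW", "CreateProcessW")
                and DEL_COMMAND.search(arg)
                and sample_path.lower() in arg.lower()):
            hits["Deletes itself"].append(i)
    return dict(hits)


if __name__ == "__main__":
    for name, where in classify(TRACE, SAMPLE_PATH).items():
        print(f"{name}: trace lines {where}")
```

Note that Sysmon does not record registry value reads, so the first two signatures cannot be reproduced from Sysmon events alone; they need an API-level trace like the one constructed here, or a sandbox run.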