General
-
Target
2ba0f24b947a266b0cc27837455123e7321619f2bbe7f18c1affad896e86f445
-
Size
271KB
-
Sample
220419-jsr3gsadaj
-
MD5
48460445f790dc9aa302537a7b02a39b
-
SHA1
7692c47b292ca99f9a32af8be16e5cbcce24c760
-
SHA256
2ba0f24b947a266b0cc27837455123e7321619f2bbe7f18c1affad896e86f445
-
SHA512
b9986bd41fcd2624ce28bcf8f93277b92b95bf5cd288389d16d1e4853d250106a8703be8faaa37cb5011d188aba3d7ad836fd68a044a327fe786381a133fe000
Static task
static1
Malware Config
Extracted
arkei
Default
http://jsdkci.link/588711.php
Targets
-
-
Target
2ba0f24b947a266b0cc27837455123e7321619f2bbe7f18c1affad896e86f445
-
Size
271KB
-
MD5
48460445f790dc9aa302537a7b02a39b
-
SHA1
7692c47b292ca99f9a32af8be16e5cbcce24c760
-
SHA256
2ba0f24b947a266b0cc27837455123e7321619f2bbe7f18c1affad896e86f445
-
SHA512
b9986bd41fcd2624ce28bcf8f93277b92b95bf5cd288389d16d1e4853d250106a8703be8faaa37cb5011d188aba3d7ad836fd68a044a327fe786381a133fe000
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-