General
-
Target
c63c2ae58f2c5659c349fb437a912fa562476ee311b4fef8d30e941cd19309a0.bin
-
Size
158KB
-
Sample
220420-kkwalsdeh9
-
MD5
f8a30fb6bedbb410e708799222d452df
-
SHA1
f0f7715d17f81e5c82cf45cd98cfccdccc25808e
-
SHA256
c63c2ae58f2c5659c349fb437a912fa562476ee311b4fef8d30e941cd19309a0
-
SHA512
53727107cdc2518218deef3218b71d3aecf486a3b3365cb9f25133f76402e97d8d148feeac30ff93b1a42cb74781271a9df1bcaf52c101f66fddf31ef5fc4894
Behavioral task
behavioral1
Sample
c63c2ae58f2c5659c349fb437a912fa562476ee311b4fef8d30e941cd19309a0.exe
Resource
win7-20220414-en
Malware Config
Extracted
arkei
Default
http://xiskasment.com/blaka.php
Targets
-
-
Target
c63c2ae58f2c5659c349fb437a912fa562476ee311b4fef8d30e941cd19309a0.bin
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-