Extracted

• • Target

    1a96d546cfd4c52719b0b3c36932158c9dd9ecf56e5484cf422b319afceb1744

  • Size

    308KB

  • MD5

    6bbdde86be5530a5cd85916dcb7de196

  • SHA1

    975975fb6fab965d1adfef8067518f32f4861008

  • SHA256

    1a96d546cfd4c52719b0b3c36932158c9dd9ecf56e5484cf422b319afceb1744

  • SHA512

    a2815ecfb53a2f2aee0045720796368ae9d6331192ba53c25fe411b382cda31b07eab24af4de4c30d8b1faa927cee080c3bcf638ddf7fa77a7253dfc30145588

  Score

  10^/10

  arkeihomesteadrdiscoveryspywarestealer

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Arkei Stealer Payload

    stealer

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1