arkei | b0bbd786fb3429997e5c0f31e9c7692558bebf90e94b4cc64f03d5bc6c7e63f5 | Triage

Submit
Reports

Overview

overview

Static

static

MediaPlayer.exe

windows7_x64

MediaPlayer.exe

windows10-2004_x64

1

Sharing

General

Target

MediaPlayer.exe
Size

280KB
Sample

220117-ljzr3shecq
MD5

9072310d9896b5a4cf3c0ce04d53d0b7
SHA1

a7ac3f9cfd9c7f20973f7832cd2aae15fdc02c37
SHA256

b0bbd786fb3429997e5c0f31e9c7692558bebf90e94b4cc64f03d5bc6c7e63f5
SHA512

d53dd6b4651600c828616e298b5acdff1fa9a609f4a17000e4ed44e9cd63c9a4e898707c5c9ed4945ff989f319142eb582eaff7db6a327d1b347a8be62eba664

Score

10^/10

arkei homesteadr discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

MediaPlayer.exe

Resource

win7-en-20211208

arkei homesteadr discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MediaPlayer.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

homesteadr

C2

http://homesteadr.link/ggate.php

Targets

- Target
  
  MediaPlayer.exe
- Size
  
  280KB
- MD5
  
  9072310d9896b5a4cf3c0ce04d53d0b7
- SHA1
  
  a7ac3f9cfd9c7f20973f7832cd2aae15fdc02c37
- SHA256
  
  b0bbd786fb3429997e5c0f31e9c7692558bebf90e94b4cc64f03d5bc6c7e63f5
- SHA512
  
  d53dd6b4651600c828616e298b5acdff1fa9a609f4a17000e4ed44e9cd63c9a4e898707c5c9ed4945ff989f319142eb582eaff7db6a327d1b347a8be62eba664
Score

10^/10

arkei homesteadr discovery spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

arkeihomesteadrdiscoveryspywarestealer

behavioral2

© 2018-2024

Terms | Privacy