Extracted

• • Target

    69753fe5c432a7fd71861f09333b7e27898d37365ef061a69c173948840b63d8

  • Size

    326KB

  • MD5

    b90ada414db7b1c6edf06db79ee2cba3

  • SHA1

    8e1221108ce5f61213372b1f067724bb152ae89f

  • SHA256

    69753fe5c432a7fd71861f09333b7e27898d37365ef061a69c173948840b63d8

  • SHA512

    8fbdb1d959f90471d14ccfcc28c39c8fdbc86380ac04814cbda2b750189c34321c5c4dc042ac2a5956db2718f82a747ec59bbec5fc1cf65ca3bc92c0db5c4617

  Score

  10^/10

  arkeihomesteadrdiscoveryspywarestealer

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Arkei Stealer Payload

    stealer

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1