Extracted

• • Target

    29fb946f643180f4191dc15dea7d84ad46ea67bbf0d46aa90736433403a0db19

  • Size

    326KB

  • MD5

    7e0d98c9edb21c0d7fb3d91cfb797d2d

  • SHA1

    24ebff824cd6b76f00aa3805e1758cea1aa45c20

  • SHA256

    29fb946f643180f4191dc15dea7d84ad46ea67bbf0d46aa90736433403a0db19

  • SHA512

    6b8f5f48581e2ff495366b4ba7c4f434bd90c454399f2e43a69a9cea84692d5489da60cad9d6acaff870221e545a36508c59e0f6e575236efcf5bbfbad8f5a5f

  Score

  10^/10

  arkeihomesteadrdiscoveryspywarestealer

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Arkei Stealer Payload

    stealer

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1