arkei | fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048
Size

306KB
Sample

220118-razzdabegp
MD5

8724ac7b6d48e41dfdc552656bc50d14
SHA1

e5a99722e9cf0a3ecadbb2bbbe09494320cea2e9
SHA256

fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048
SHA512

c1b27899a01b8253bae5bdc9f33016e2611cd912f84a7b48496da70e471f63bc736fc041c59fb64526bc0a556a365c86d8771ecf176487038326f7fee39e6d41

Score

10^/10

arkei homesteadr discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048.exe

Resource

win10v2004-en-20220112

arkei homesteadr discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

arkei

Botnet

homesteadr

C2

http://homesteadr.link/ggate.php

Targets

- Target
  
  fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048
- Size
  
  306KB
- MD5
  
  8724ac7b6d48e41dfdc552656bc50d14
- SHA1
  
  e5a99722e9cf0a3ecadbb2bbbe09494320cea2e9
- SHA256
  
  fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048
- SHA512
  
  c1b27899a01b8253bae5bdc9f33016e2611cd912f84a7b48496da70e471f63bc736fc041c59fb64526bc0a556a365c86d8771ecf176487038326f7fee39e6d41
Score

10^/10

arkei homesteadr discovery spyware stealer
- Arkei
  Arkei is an infostealer written in C++.
  stealer arkei
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
  stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

arkeihomesteadrdiscoveryspywarestealer

© 2018-2024

Terms | Privacy