General
Target: fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048
Size: 306KB
Sample: 220118-razzdabegp
MD5: 8724ac7b6d48e41dfdc552656bc50d14
SHA1: e5a99722e9cf0a3ecadbb2bbbe09494320cea2e9
SHA256: fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048
SHA512: c1b27899a01b8253bae5bdc9f33016e2611cd912f84a7b48496da70e471f63bc736fc041c59fb64526bc0a556a365c86d8771ecf176487038326f7fee39e6d41
Static task: static1
Behavioral task: behavioral1
Sample: fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted family: arkei
Botnet id: homesteadr
C2 URL: http://homesteadr.link/ggate.php
Targets
Target: fa0c95b91f9b1f83eab4c17d4ccf39bbde9e3cd75140c1904d659bc745310048
Size: 306KB
Score: 10/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.