General
-
Target
1d7812eadec5114e75f6c1f2caf2d166.exe
-
Size
306KB
-
Sample
220118-w4cs6acdf4
-
MD5
1d7812eadec5114e75f6c1f2caf2d166
-
SHA1
2918b5750985daa824c5deee6d49bad130a04de8
-
SHA256
6b82ba055be7f91eeaa1fb633fffdb3f124f941857d31258a8561365481568c9
-
SHA512
c69ed9bcb1ce7da41e2579620f2417cd9fb15afd93b1d2b43aedd5aaadf59bf71fcd649afbe6af95f80d5e4da9973b00ecc629f0d8ba10c2db8dd35ca68eaf5b
Malware Config
Extracted
arkei
homesteadr
http://homesteadr.link/ggate.php
Targets
-
-
Target
1d7812eadec5114e75f6c1f2caf2d166.exe
-
Size
306KB
-
MD5
1d7812eadec5114e75f6c1f2caf2d166
-
SHA1
2918b5750985daa824c5deee6d49bad130a04de8
-
SHA256
6b82ba055be7f91eeaa1fb633fffdb3f124f941857d31258a8561365481568c9
-
SHA512
c69ed9bcb1ce7da41e2579620f2417cd9fb15afd93b1d2b43aedd5aaadf59bf71fcd649afbe6af95f80d5e4da9973b00ecc629f0d8ba10c2db8dd35ca68eaf5b
Score10/10-
Arkei
Arkei is an infostealer written in C++.
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-