General
-
Target
d309d0939ab65f50cb84b2b06ae85885b7d293f699d42b324d8adb58f7ff194a
-
Size
302KB
-
Sample
220118-wh338accg9
-
MD5
e4d28258bc8f3771b2d9d341a218fe6c
-
SHA1
040f980c08011a43430eb3ae036c08768a5b1a77
-
SHA256
d309d0939ab65f50cb84b2b06ae85885b7d293f699d42b324d8adb58f7ff194a
-
SHA512
80239dbdebc62f482534f66de15454ee0dd02957209718f147832ff5b077c141a8f700c4ace1a65618d3182fec13f04001bd1204cf60b5b97040f790032d31c6
Malware Config
Extracted
arkei
Default
http://file-file-host4.com/tratata.php
Targets
-
-
Target
d309d0939ab65f50cb84b2b06ae85885b7d293f699d42b324d8adb58f7ff194a
-
Size
302KB
-
MD5
e4d28258bc8f3771b2d9d341a218fe6c
-
SHA1
040f980c08011a43430eb3ae036c08768a5b1a77
-
SHA256
d309d0939ab65f50cb84b2b06ae85885b7d293f699d42b324d8adb58f7ff194a
-
SHA512
80239dbdebc62f482534f66de15454ee0dd02957209718f147832ff5b077c141a8f700c4ace1a65618d3182fec13f04001bd1204cf60b5b97040f790032d31c6
Score10/10-
Arkei
Arkei is an infostealer written in C++.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-