General
Target: 41f5a5539bb8697ff36e692de741df4be5020ccd7260160716c504b85b9ea510
Size: 289KB
Sample: 220119-2qctwsdhc8
MD5: 4e971ded26b1d5a6a0fd6bc50cc46db1
SHA1: 37cf58f580b4445ecd9e81fd31d52c8040683dca
SHA256: 41f5a5539bb8697ff36e692de741df4be5020ccd7260160716c504b85b9ea510
SHA512: edeeaf6871de0f726e928fdbdd3e144456e6bbced23a04d0d32d54ffa7841307290e91ab9ff97f16016ac01a286ef6bca96048180031463c7f6bd86e47082edf
Static task: static1
Malware Config (extracted): arkei
Default: http://homesteadr.link/ggate.php
Targets
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.