General
Target: 96a733d5467051a32d994e2fb211113c1a819f3e96b8fbb1f0d985a41a479d9e
Size: 309KB
Sample: 220119-dh5ypsehhj
MD5: 84a5e552109062b719a0315482a36ca4
SHA1: fd4de24f5b3b7dc9de7db555b0f5060826476eba
SHA256: 96a733d5467051a32d994e2fb211113c1a819f3e96b8fbb1f0d985a41a479d9e
SHA512: 71ccdfec44ae439e7e44d24aed974f4512f26d4876d47166068ca9ad31cda81d7a8928d862dbf3f6b781261516aa506fdc292d909fbceb2d8cfdad8c6b736bad
Static task: static1
Behavioral task: behavioral1
Sample: 96a733d5467051a32d994e2fb211113c1a819f3e96b8fbb1f0d985a41a479d9e.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
arkei
homesteadr
http://homesteadr.link/ggate.php
Targets
Target: 96a733d5467051a32d994e2fb211113c1a819f3e96b8fbb1f0d985a41a479d9e
Size: 309KB
MD5: 84a5e552109062b719a0315482a36ca4
SHA1: fd4de24f5b3b7dc9de7db555b0f5060826476eba
SHA256: 96a733d5467051a32d994e2fb211113c1a819f3e96b8fbb1f0d985a41a479d9e
SHA512: 71ccdfec44ae439e7e44d24aed974f4512f26d4876d47166068ca9ad31cda81d7a8928d862dbf3f6b781261516aa506fdc292d909fbceb2d8cfdad8c6b736bad
Score: 10/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.