General
Target: 65b58617f70da721a518069c44102cdb7f80ce5d6d1eb9fb4fabdba433f2b603
Size: 302KB
Sample: 220119-qr4hfsabh7
MD5: 1ebc5f456728b4d6039d94c8497dbdc6
SHA1: c5303ab2f7fa893e6f6a57bc11c057959d34f78a
SHA256: 65b58617f70da721a518069c44102cdb7f80ce5d6d1eb9fb4fabdba433f2b603
SHA512: 163da691bcf399f9dd95410bee28eee1aef17c3e6a4ecde31cf89436ffe0a497c19038cc02eef4a2e702b971eafbf14f88f31bd9914d341bcf6bbef99eafa4b6
Static task: static1
Behavioral task: behavioral1
Sample: 65b58617f70da721a518069c44102cdb7f80ce5d6d1eb9fb4fabdba433f2b603.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
Family: arkei
Botnet: homesteadr
C2: http://homesteadr.link/ggate.php
Targets
Target: 65b58617f70da721a518069c44102cdb7f80ce5d6d1eb9fb4fabdba433f2b603 (302KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10

- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
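The three registry/file behaviours above (location check, Uninstall enumeration, wallet access) are the kind of signatures a hunting rule stacks, because each one alone is also seen in benign software. The script below is an added example, not code from the sandbox or from this report, that runs that stacking logic over constructed Sysmon-style event lines. It assumes (the report does not say) that the location check reads `HKCU\Control Panel\International\Geo\Nation`, that software enumeration touches subkeys of `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall`, and that wallet access means reads under a short, assumed list of wallet paths; the process names, pids and event lines are all constructed.

```python
import re
from collections import defaultdict

# Constructed sample events for this example (not from the report):
# pid|image|event|target. pid 4120 mimics the stealer's behaviours; pid 2200 is a
# benign installer that only enumerates the Uninstall key.
SAMPLE_EVENTS = r"""
4120|C:\Users\Admin\AppData\Local\Temp\sample.exe|RegQueryValue|HKCU\Control Panel\International\Geo\Nation
4120|C:\Users\Admin\AppData\Local\Temp\sample.exe|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120|C:\Users\Admin\AppData\Local\Temp\sample.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
4120|C:\Users\Admin\AppData\Local\Temp\sample.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName
4120|C:\Users\Admin\AppData\Local\Temp\sample.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Git_is1\DisplayName
4120|C:\Users\Admin\AppData\Local\Temp\sample.exe|FileRead|C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet
4120|C:\Users\Admin\AppData\Local\Temp\sample.exe|FileRead|C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco
2200|C:\Program Files\Vendor\setup.exe|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
2200|C:\Program Files\Vendor\setup.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor App\DisplayName
2200|C:\Program Files\Vendor\setup.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor App\UninstallString
"""

# Assumed registry/file locations behind each report signature.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)
WALLET = re.compile(r"(?:\\Electrum\\|\\Exodus\\|\\Ethereum\\keystore\\|\\wallet\.dat$)", re.I)
# A single Uninstall read is normal; require several before calling it enumeration.
UNINSTALL_THRESHOLD = 3


def parse_events(text):
    """Parse pid|image|event|target lines into tuples."""
    events = []
    for line in text.strip().splitlines():
        pid, image, kind, target = line.split("|", 3)
        events.append((int(pid), image, kind, target))
    return events


def analyse(events):
    """Return {pid: sorted list of signature names} for every process that fired one."""
    findings = defaultdict(set)
    uninstall_hits = defaultdict(int)
    for pid, _image, kind, target in events:
        if kind.startswith("Reg") and GEO_NATION.search(target):
            findings[pid].add("checks_computer_location")
        if kind.startswith("Reg") and UNINSTALL.search(target):
            uninstall_hits[pid] += 1
        if kind == "FileRead" and WALLET.search(target):
            findings[pid].add("accesses_crypto_wallets")
    for pid, n in uninstall_hits.items():
        if n >= UNINSTALL_THRESHOLD:
            findings[pid].add("enumerates_installed_software")
    return {pid: sorted(names) for pid, names in findings.items()}


def verdict(names):
    """Stack the weak signals: geofence check plus wallet reads is the stealer pattern;
    software enumeration on its own is what installers do and stays low."""
    if "accesses_crypto_wallets" in names and "checks_computer_location" in names:
        return "high"
    if "accesses_crypto_wallets" in names:
        return "medium"
    return "low"


if __name__ == "__main__":
    results = analyse(parse_events(SAMPLE_EVENTS))
    for pid, names in sorted(results.items()):
        print(f"pid {pid}: {verdict(names)} -> {', '.join(names)}")
```

The threshold and the verdict table are design choices for the example: the point is that the installer (pid 2200) triggers the same "checks installed software" signature as the stealer yet stays at "low", so a rule keyed on Uninstall enumeration alone would be noisy.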