General
-
Target
e00573f0f00aa049448e8d6beb529b59900203e27dc16de75373698ce68b0aca
-
Size
302KB
-
Sample
220119-sxqvnabahj
-
MD5
763d55c6bcb64988b9be65731cbd0676
-
SHA1
3ef04e6141e2eff64d79ec30845bace665eb3b57
-
SHA256
e00573f0f00aa049448e8d6beb529b59900203e27dc16de75373698ce68b0aca
-
SHA512
d5e99b27887fb777a13e2bf8df92ca74f8595c671b142546b20d93d3effb5127ce7c05c709dcec9aab7316032a4e9240379b607af2f3de64e1b5c66d89dd229f
Malware Config
Extracted
arkei
homesteadr
http://homesteadr.link/ggate.php
Targets
-
-
Target
e00573f0f00aa049448e8d6beb529b59900203e27dc16de75373698ce68b0aca
-
Size
302KB
-
MD5
763d55c6bcb64988b9be65731cbd0676
-
SHA1
3ef04e6141e2eff64d79ec30845bace665eb3b57
-
SHA256
e00573f0f00aa049448e8d6beb529b59900203e27dc16de75373698ce68b0aca
-
SHA512
d5e99b27887fb777a13e2bf8df92ca74f8595c671b142546b20d93d3effb5127ce7c05c709dcec9aab7316032a4e9240379b607af2f3de64e1b5c66d89dd229f
Score10/10-
Arkei
Arkei is an infostealer written in C++.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-