General
- Target: e26ee932b7ca1a42b86b8744b9d89ccb5b8235d2efffd31e5d62ae102cbf2ce9
- Size: 303KB
- Sample: 220119-v358msbhh5
- MD5: 326937571b98747b77833a7171c1c815
- SHA1: 5122326d8a8738f943aabd1a17925b7f18d0ae83
- SHA256: e26ee932b7ca1a42b86b8744b9d89ccb5b8235d2efffd31e5d62ae102cbf2ce9
- SHA512: 52c5d512626d4df46ee2c25ea187df453bbd5d524fbefdda38bf5ddb30f6d682b7e0fa170919fc2e78258cf71d42744b35339ada5984d0b3032c6b0c2e653b52

Static task
- static1

Malware Config
- Extracted: arkei
- Default: http://homesteadr.link/ggate.php

Targets
- Target: e26ee932b7ca1a42b86b8744b9d89ccb5b8235d2efffd31e5d62ae102cbf2ce9
- Size: 303KB
- MD5: 326937571b98747b77833a7171c1c815
- SHA1: 5122326d8a8738f943aabd1a17925b7f18d0ae83
- SHA256: e26ee932b7ca1a42b86b8744b9d89ccb5b8235d2efffd31e5d62ae102cbf2ce9
- SHA512: 52c5d512626d4df46ee2c25ea187df453bbd5d524fbefdda38bf5ddb30f6d682b7e0fa170919fc2e78258cf71d42744b35339ada5984d0b3032c6b0c2e653b52
- Suspicious use of NtCreateProcessExOtherParentProcess
- Arkei Stealer Payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.