General
Target: 7e15d262ccd214ffe30b5d2a68bf56e4.exe
Size: 332KB
Sample: 220121-r21d8ahgg2
MD5: 7e15d262ccd214ffe30b5d2a68bf56e4
SHA1: eb89d690cb604b8c828550ed1e216ae02532077a
SHA256: 2533988e9f91942374496eff84c8de129d542f8f998fd16807cc0ba34dea62d5
SHA512: a6b352ca4eba726e189409c2deacb74200928eb04f6eb2f3ca3f5380520d43492651b57659aac9bf3b25327187806d846259e2dbaf30a18833a708900eae37cc
Static task: static1
Behavioral task: behavioral1
Sample: 7e15d262ccd214ffe30b5d2a68bf56e4.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: arkei
Version: Default
C2: http://homesteadr.link/ggate.php
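The extracted C2 URL and the sample hashes above are the indicators a responder would actually pivot on. The following is an added example (not part of the sandbox report) that turns them into a small IOC matcher: it hashes a candidate file with all four algorithms the report lists and checks for a match, and it scans proxy log lines for requests to the C2 host, distinguishing hits on the gate path (/ggate.php) from other traffic to the same domain. The log format (timestamp, client IP, method, URL) and the log lines themselves are constructed for the example.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "7e15d262ccd214ffe30b5d2a68bf56e4",
    "sha1": "eb89d690cb604b8c828550ed1e216ae02532077a",
    "sha256": "2533988e9f91942374496eff84c8de129d542f8f998fd16807cc0ba34dea62d5",
    "sha512": (
        "a6b352ca4eba726e189409c2deacb74200928eb04f6eb2f3ca3f5380520d4349"
        "2651b57659aac9bf3b25327187806d846259e2dbaf30a18833a708900eae37cc"
    ),
}
C2_URL = "http://homesteadr.link/ggate.php"


def hashes_of(data: bytes) -> dict:
    """Compute every digest type the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> list:
    """Return the algorithm names whose digest of `data` equals the reported hash."""
    digests = hashes_of(data)
    return [name for name, want in SAMPLE_HASHES.items() if digests[name] == want]


def classify_url(url: str):
    """Return (hits_c2_host, hits_gate_path) for a URL.

    Host comparison is case-insensitive and scheme-agnostic, so https:// and
    upper-case variants of the C2 are still caught; query strings are ignored.
    """
    want = urlsplit(C2_URL)
    got = urlsplit(url)
    if got.hostname is None or got.hostname != want.hostname:
        return False, False
    return True, got.path == want.path


def find_c2_hits(log_lines):
    """Scan 'timestamp client method url' log lines; return hits to the C2 host.

    Each hit is (timestamp, client, url, is_gate) where is_gate is True when the
    request targets the extracted gate path rather than just the domain.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip rather than crash the sweep
        ts, client, _method, url = parts[:4]
        on_host, on_gate = classify_url(url)
        if on_host:
            hits.append((ts, client, url, on_gate))
    return hits


# Constructed proxy log lines for demonstration (not from the report).
SAMPLE_LOG = [
    "2022-01-21T10:02:13Z 10.0.0.23 GET http://example.com/index.html",
    "2022-01-21T10:02:41Z 10.0.0.23 POST http://homesteadr.link/ggate.php",
    "2022-01-21T10:03:02Z 10.0.0.41 POST https://HOMESTEADR.LINK/ggate.php?id=1",
    "2022-01-21T10:03:10Z 10.0.0.23 GET http://homesteadr.link/favicon.ico",
    "garbage line",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit)
    # A file that is not the sample yields no hash match.
    print(matches_sample(b"not the sample"))
```

Matching on the host rather than only the full URL matters here: a stealer gate that moves from /ggate.php to another path on the same domain would otherwise slip past, while the is_gate flag still lets the analyst prioritise the POSTs that carry exfiltrated data.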
Targets
Target: 7e15d262ccd214ffe30b5d2a68bf56e4.exe (332KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Arkei Stealer Payload
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.