b7f81c3639833e73edc017da64e789a24a2c1974a7a18e68f868bdd4a35865c4

General
Target

b7f81c3639833e73edc017da64e789a24a2c1974a7a18e68f868bdd4a35865c4

Size

284KB

Sample

220123-226w4sgdgp

Score
10/10
MD5

82cd807305553d350a17753d6201d3ce

SHA1

1eaaee1ca9eba9c56b4d8cdc796e96d4f7aa624c

SHA256

b7f81c3639833e73edc017da64e789a24a2c1974a7a18e68f868bdd4a35865c4

SHA512

eba0695016c42ffb99636d6bdc19bac97cadad8fa11dee8b3a2b947b64494e719f9a6852694b816db3813ac79fd3caf1b5e976b7a2a3f9adc1726260fbc9b36f

Malware Config

Extracted

Family arkei
Botnet Default
C2

http://homesteadr.link/ggate.php

Targets
Target

b7f81c3639833e73edc017da64e789a24a2c1974a7a18e68f868bdd4a35865c4

MD5

82cd807305553d350a17753d6201d3ce

Filesize

284KB

Score
10/10
SHA1

1eaaee1ca9eba9c56b4d8cdc796e96d4f7aa624c

SHA256

b7f81c3639833e73edc017da64e789a24a2c1974a7a18e68f868bdd4a35865c4

SHA512

eba0695016c42ffb99636d6bdc19bac97cadad8fa11dee8b3a2b947b64494e719f9a6852694b816db3813ac79fd3caf1b5e976b7a2a3f9adc1726260fbc9b36f

Tags

Signatures

  • Arkei

    Description

    Arkei is an infostealer written in C++.

    Tags

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Arkei Stealer Payload

    Tags

  • Downloads MZ/PE file

  • Sets service image path in registry

    Tags

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry
  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry, System Information Discovery
  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System, Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local System, Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks