General
Target: 122a5876dcd68c44aa4e2e7ae2cb43a3f2ca375904d7e879dbfc26a1331f0cf2
Size: 270KB
Sample: 220123-avp68sdha3
MD5: 1f92066e9549f2b9fabb2fce1065feb6
SHA1: 96f4b66bc9e7704d06536cbc84440768307d0f78
SHA256: 122a5876dcd68c44aa4e2e7ae2cb43a3f2ca375904d7e879dbfc26a1331f0cf2
SHA512: 77f3a0cf0211f48a461ef52a45e147c3454fd7ba54e7ea5400992ab61bec245cf8725f504dcdd98104ae0673ceb734c1e4392a8987a6891616376efe2f197984

Static task: static1

Malware Config
Extracted: arkei
Default
http://homesteadr.link/ggate.php

Targets
Target: 122a5876dcd68c44aa4e2e7ae2cb43a3f2ca375904d7e879dbfc26a1331f0cf2
Size: 270KB
MD5: 1f92066e9549f2b9fabb2fce1065feb6
SHA1: 96f4b66bc9e7704d06536cbc84440768307d0f78
SHA256: 122a5876dcd68c44aa4e2e7ae2cb43a3f2ca375904d7e879dbfc26a1331f0cf2
SHA512: 77f3a0cf0211f48a461ef52a45e147c3454fd7ba54e7ea5400992ab61bec245cf8725f504dcdd98104ae0673ceb734c1e4392a8987a6891616376efe2f197984

- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.