General
Target: ba51c84edc1933f9e0f8f7cba8ee74ff4353841049ec5911a96336c892789e0e
Size: 270KB
Sample: 220123-eztgnsefg8
MD5: 4046cfb6343b49c7d4b843a35d066cb8
SHA1: f2014bf3b6438fc5d16d77efa9aac5d98ae0690c
SHA256: ba51c84edc1933f9e0f8f7cba8ee74ff4353841049ec5911a96336c892789e0e
SHA512: 00b882f9acc0d30ba66876d292f94e3c6977c3cdcf071acaf762777b3ce35ca3039736ea575fe4008bc7e25ddeb371a9c057d151f4e7ae301ac46330917985a7
Static task
static1
Malware Config
Extracted
arkei
Default
http://homesteadr.link/ggate.php
Targets
Target: ba51c84edc1933f9e0f8f7cba8ee74ff4353841049ec5911a96336c892789e0e
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.