General
- Target: 2f5c0c49cc3ab4642db9b111b7c3f602366846392398b08fde5b5976aa88dbde
- Size: 263KB
- Sample: 220123-jh6g5afdb7
- MD5: 88facb1d9e097b809321d823ab3551be
- SHA1: a1d8b2461d810024a9351d8a617bfcb383d184a6
- SHA256: 2f5c0c49cc3ab4642db9b111b7c3f602366846392398b08fde5b5976aa88dbde
- SHA512: 5dd084cec533007b6d403a4b373020b29eb0168cae9318a53bd66c57b5591e3cc7b471c77af8b115ff1b1d24a0beab292b42e74f5a123fed357fc361e570ee90
Static task: static1

Malware Config
Extracted:
- Family: arkei
- Default: http://homesteadr.link/ggate.php
Targets
- Target: 2f5c0c49cc3ab4642db9b111b7c3f602366846392398b08fde5b5976aa88dbde
- Size: 263KB
- MD5: 88facb1d9e097b809321d823ab3551be
- SHA1: a1d8b2461d810024a9351d8a617bfcb383d184a6
- SHA256: 2f5c0c49cc3ab4642db9b111b7c3f602366846392398b08fde5b5976aa88dbde
- SHA512: 5dd084cec533007b6d403a4b373020b29eb0168cae9318a53bd66c57b5591e3cc7b471c77af8b115ff1b1d24a0beab292b42e74f5a123fed357fc361e570ee90

- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.