General
Target: 9ebebcb4c5bf75e01b6edd0aad248261fcca4f9df834260d5d0c853f0d9e2938
Size: 296KB
Sample: 220124-vknkwafge6
MD5: fdad3932ea2d9f4ae7aa84876541a581
SHA1: da10a6b3c21ef85910ef9109047f3030bcbfd1dd
SHA256: 9ebebcb4c5bf75e01b6edd0aad248261fcca4f9df834260d5d0c853f0d9e2938
SHA512: 654eb6778e879cf81991ad6708e0a046cb75951eb5f38d7c4bcf7d50253aeec6ee0c01948278022cf458bacf397b620019cace78a8d046c51981b36ea9bd6733
Static task: static1
Malware Config
Extracted: arkei
Default: http://homesteadr.link/ggate.php
Targets
Target: 9ebebcb4c5bf75e01b6edd0aad248261fcca4f9df834260d5d0c853f0d9e2938
- Arkei Stealer Payload
- Downloads MZ/PE file
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.