General
Target: 6e015e709a52325d633fb54f55c8aa4e839aa73d51ac287c339e0d98adeb1f10
Size: 331KB
Sample: 220117-zaebnscgcm
MD5: 7fb3acc0dee40203a935491513835090
SHA1: 0afbbdea16d4e55741834901325b4d0af3c0c165
SHA256: 6e015e709a52325d633fb54f55c8aa4e839aa73d51ac287c339e0d98adeb1f10
SHA512: 8114e115539b2a38ff54c1c5a8dff1bac3edd6e208d82884d6e5ecaf4844d0f6a12c9f7e0ec8beb36fdce6e7ef4a0462a33255b56cdeac15314068a86081e8a3
Static task: static1
Malware Config (Extracted)
Family: arkei
Botnet: homesteadr
C2: http://homesteadr.link/ggate.php
Targets
Target: 6e015e709a52325d633fb54f55c8aa4e839aa73d51ac287c339e0d98adeb1f10
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.