General
-
Target
309f0615d2edcfb5038d8afb9fc6c8ff3e29ed8e72e6d48ff806f33b5347f25b
-
Size
289KB
-
Sample
220119-3hgnjseadk
-
MD5
014400fbb4a172da0f2a39c715676b6f
-
SHA1
6ea913ef31cd12b112937ee879ff1c2ba32f5775
-
SHA256
309f0615d2edcfb5038d8afb9fc6c8ff3e29ed8e72e6d48ff806f33b5347f25b
-
SHA512
6a8faa09df76c1269cf3e818f0f41396cd507654325e439fe851844dee49c2f31a5038e0f4d7eb60cab829c05e7c86118828c032bbc70b17ad18e5e2aeb59980
Static task
static1
Malware Config
Extracted
Family: arkei
C2 (config "Default"): http://homesteadr.link/ggate.php
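The hashes in the General section and the extracted C2 URL are the two indicators a responder would actually hunt with. The following script is an added example, not part of the sandbox report or of any tool it describes: it computes all four reported digests of a file in one pass and reports which ones match, and it scans web-proxy log lines for contact with the extracted C2. The proxy log format (`timestamp src_ip method url status`) and the log lines themselves are constructed for the example and are not from the report.

```python
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "014400fbb4a172da0f2a39c715676b6f",
    "sha1": "6ea913ef31cd12b112937ee879ff1c2ba32f5775",
    "sha256": "309f0615d2edcfb5038d8afb9fc6c8ff3e29ed8e72e6d48ff806f33b5347f25b",
    "sha512": "6a8faa09df76c1269cf3e818f0f41396cd507654325e439fe851844dee49c2f3"
              "1a5038e0f4d7eb60cab829c05e7c86118828c032bbc70b17ad18e5e2aeb59980",
}
C2_URL = "http://homesteadr.link/ggate.php"


def _digest_stream(chunks):
    """Feed every chunk to all four hashers so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    return _digest_stream([data])


def digest_file(path, chunk_size=1 << 20):
    with open(path, "rb") as f:
        return _digest_stream(iter(lambda: f.read(chunk_size), b""))


def matching_algorithms(digests, iocs=SAMPLE_HASHES):
    """Names of the algorithms whose digest equals the reported value (case-insensitive)."""
    return sorted(
        name for name, value in iocs.items()
        if digests.get(name, "").lower() == value.lower()
    )


def scan_proxy_log(lines, c2_url=C2_URL):
    """Flag log lines whose destination host is the extracted C2 host.

    A match on host alone is reported as "host"; host plus the gate path as
    "host+path". Matching the host rather than the full URL catches the
    stealer's other requests to the same server (Vidar-style stealers fetch
    DLLs and post the stolen archive to the same gate host).
    """
    c2 = urlparse(c2_url)
    c2_host = (c2.hostname or "").lower()
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or blank line in the constructed format
        ts, src, method, url, status = parts[:5]
        u = urlparse(url)
        if (u.hostname or "").lower() != c2_host:
            continue
        hits.append({
            "ts": ts, "src": src, "method": method, "url": url, "status": status,
            "match": "host+path" if u.path == c2.path else "host",
        })
    return hits


# Constructed proxy log lines for the example (not from the report).
PROXY_LOG = """\
2022-01-19T03:40:01Z 10.20.30.40 GET http://www.example.com/index.html 200
2022-01-19T03:40:09Z 10.20.30.41 POST http://homesteadr.link/ggate.php 200
2022-01-19T03:40:12Z 10.20.30.41 GET http://HOMESTEADR.LINK/ 404
2022-01-19T03:41:03Z 10.20.30.42 POST https://update.example.org/ggate.php 200
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG.splitlines()):
        print(hit)
```

The last constructed line is deliberately not flagged: a `gate.php`-style path on an unrelated host is far too common to be an indicator on its own, so the scan keys on the host from the extracted config and only uses the path to grade the match. For real files, call `digest_file(path)` and pass the result to `matching_algorithms`.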
Targets
-
Target
309f0615d2edcfb5038d8afb9fc6c8ff3e29ed8e72e6d48ff806f33b5347f25b
-
Size
289KB
-
MD5
014400fbb4a172da0f2a39c715676b6f
-
SHA1
6ea913ef31cd12b112937ee879ff1c2ba32f5775
-
SHA256
309f0615d2edcfb5038d8afb9fc6c8ff3e29ed8e72e6d48ff806f33b5347f25b
-
SHA512
6a8faa09df76c1269cf3e818f0f41396cd507654325e439fe851844dee49c2f31a5038e0f4d7eb60cab829c05e7c86118828c032bbc70b17ad18e5e2aeb59980
-
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node view) to enumerate the software installed on the system.
-
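The software-enumeration signature above describes behaviour that is also visible on the endpoint when registry object access auditing is enabled (Security event 4663 with ObjectType "Key", which requires an audit SACL on the Uninstall key). The following detection is an added example, not part of the sandbox report: it counts how many distinct Uninstall subkeys each process reads and flags processes that walk the key broadly while not being a known installer or shell component. The event records, the process path `build.exe` and the allowlist are all constructed or assumed for the example.

```python
import re
from collections import defaultdict

# Uninstall key as it appears in the ObjectName of a 4663 event, covering the
# HKLM view, the WOW6432Node view and the per-user HKCU view.
UNINSTALL_KEY_RE = re.compile(
    r"^\\REGISTRY\\(?:MACHINE|USER\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)$",
    re.IGNORECASE,
)

# Assumed allowlist of binaries that legitimately walk the Uninstall key; tune per estate.
BENIGN_ENUMERATORS = {"explorer.exe", "msiexec.exe", "systemsettings.exe"}


def uninstall_subkey(object_name):
    """Return the Uninstall subkey name if object_name points at one, else None."""
    m = UNINSTALL_KEY_RE.match(object_name)
    return m.group(1) if m else None


def find_software_enumerators(events, threshold=5, allowlist=BENIGN_ENUMERATORS):
    """Map process path -> number of distinct Uninstall subkeys it read.

    Only 4663 (object access) events on registry keys count; a single read of
    one subkey is normal, a sweep across many entries is the inventory behaviour
    the signature describes.
    """
    seen = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 4663 or ev.get("ObjectType") != "Key":
            continue
        sub = uninstall_subkey(ev.get("ObjectName", ""))
        if sub is None:
            continue
        seen[ev["ProcessName"]].add(sub.lower())
    return {
        proc: len(subs)
        for proc, subs in seen.items()
        if proc.rsplit("\\", 1)[-1].lower() not in allowlist and len(subs) >= threshold
    }


# --- constructed sample events (not from the report) ---------------------------
STEALER = r"C:\Users\victim\AppData\Local\Temp\build.exe"  # assumed path
HKLM = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
WOW = r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"


def _ev(proc, obj, accesses="Query key value", event_id=4663, obj_type="Key"):
    return {"EventID": event_id, "ProcessName": proc, "ObjectType": obj_type,
            "ObjectName": obj, "Accesses": accesses}


SAMPLE_EVENTS = (
    # the stealer sweeps the 64-bit and WOW64 views of the Uninstall key
    [_ev(STEALER, HKLM + "\\" + n) for n in (
        "{AC76BA86-7AD7-1033-7B44-AC0F074E4100}", "7-Zip", "Google Chrome",
        "Mozilla Firefox 96.0 (x64 en-US)")]
    + [_ev(STEALER, WOW + "\\" + n) for n in (
        "{90160000-000F-0000-0000-0000000FF1CE}", "Electrum", "Exodus")]
    # a single read by the shell: below threshold and allowlisted anyway
    + [_ev(r"C:\Windows\explorer.exe", HKLM + "\\7-Zip")]
    # a read of a different key by the stealer: not an Uninstall entry
    + [_ev(STEALER, r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run")]
    # the installer service walks the key broadly but is allowlisted
    + [_ev(r"C:\Windows\System32\msiexec.exe", HKLM + "\\" + n) for n in "abcdef"]
    # a 4656 handle request is not an access event and is ignored
    + [_ev(STEALER, HKLM + "\\Electrum", event_id=4656)]
)

if __name__ == "__main__":
    for proc, count in find_software_enumerators(SAMPLE_EVENTS).items():
        print(f"{proc}: read {count} Uninstall subkeys")
```

Without the audit SACL on the Uninstall key no 4663 events are generated at all, so the first check when deploying this is that the events exist; Sysmon does not log key reads, only creates, deletes and value writes. The threshold and allowlist are the tuning points: inventory agents and update clients will also sweep the key and need to be added to the allowlist rather than the threshold raised.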