General
- Target: 717cf0c5f85bbf12aee6e551de05ca65c6c955ccc19bdaff4e775d3d95f7a059
- Size: 303KB
- Sample: 220119-qnfl8aabdn
- MD5: 56a84a501fb993a29bfb915f04adb8a1
- SHA1: fc1dbe8cb5443d67414d3f5b2801b6d4097c75e2
- SHA256: 717cf0c5f85bbf12aee6e551de05ca65c6c955ccc19bdaff4e775d3d95f7a059
- SHA512: 89fa053779d864515bb7cea11a31fc2bc96861e9f548da95a0497db3adb7d2877c6923eeb1e9a7f2a6cde1b5b1307168f33338b91f8ddd210ca1dcf7f16563df

Static task
- static1

Malware Config
- Extracted: arkei
- Default: http://file-file-host4.com/tratata.php
Targets
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.