General
-
Target
07951f7d697185761fc2bfd184d6f5b4fb7806c3e63bdac889659ab1fc197d25
-
Size
303KB
-
Sample
220119-svy39abagj
-
MD5
f07f0b86b2493eda394aea21a05a62d4
-
SHA1
25810ad73b49fdbcb65ecfa161b3c9bfc4d8df84
-
SHA256
07951f7d697185761fc2bfd184d6f5b4fb7806c3e63bdac889659ab1fc197d25
-
SHA512
f8c0747fcb13e38c51a7fd7944f7321e433d8e604e78cac71835e375aa6a669c539451452011169f58ada27b2c0f9ab1c9d25a663c1c80cece408f7635d847a8
Static task
static1
Malware Config
Extracted
arkei
Default
http://file-file-host4.com/tratata.php
Targets
-
Target
07951f7d697185761fc2bfd184d6f5b4fb7806c3e63bdac889659ab1fc197d25
-
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
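Added triage example (not part of this sandbox report and not vendor tooling): the Python below scans Suricata EVE JSON records for the two network indicators this page reports, the "ET MALWARE Win32/Vidar Variant Stealer CnC Exfil" signature and the Arkei C2 URL http://file-file-host4.com/tratata.php extracted from the config, and collapses the repeated alert into one hit with a count. The EVE records are constructed for the example; their layout follows Suricata's EVE alert/http output (event_type, alert.signature, http.hostname, http.url), and the IP addresses, timestamps and the unrelated signature name are placeholders. The gate path is matched on its own as well as the host, because stealer infrastructure tends to rotate domains while keeping the PHP gate name.

```python
"""Triage helper: find Arkei/Vidar C2 indicators from the report in Suricata EVE JSON.

Added example, not part of the sandbox report. Indicators come from the page above;
the EVE lines are constructed, not from a real capture.
"""
import json
from urllib.parse import urlparse

# Indicators taken from the report.
VIDAR_SIGNATURE = "ET MALWARE Win32/Vidar Variant Stealer CnC Exfil"
C2_URL = "http://file-file-host4.com/tratata.php"
C2_HOST = urlparse(C2_URL).hostname   # "file-file-host4.com"
C2_PATH = urlparse(C2_URL).path       # "/tratata.php"


def _rec(**fields):
    """Serialise one constructed EVE record the way Suricata writes it: one JSON object per line."""
    return json.dumps(fields)


# Constructed EVE records (placeholders: IPs, timestamps, the unrelated signature name).
SAMPLE_EVE_LINES = [
    _rec(timestamp="2022-01-19T10:00:01.000000+0000", event_type="alert",
         src_ip="10.0.0.5", dest_ip="203.0.113.10", dest_port=80,
         alert={"signature": VIDAR_SIGNATURE, "category": "A Network Trojan was detected"},
         http={"hostname": "file-file-host4.com", "url": "/tratata.php", "http_method": "POST"}),
    # The same alert again: Suricata emits one alert per matching packet, so exfil
    # POSTs produce repeats (the report above lists the signature twice for that reason).
    _rec(timestamp="2022-01-19T10:00:01.250000+0000", event_type="alert",
         src_ip="10.0.0.5", dest_ip="203.0.113.10", dest_port=80,
         alert={"signature": VIDAR_SIGNATURE, "category": "A Network Trojan was detected"},
         http={"hostname": "file-file-host4.com", "url": "/tratata.php", "http_method": "POST"}),
    # Plain http record, no alert: only the hostname matches (mixed case on purpose).
    _rec(timestamp="2022-01-19T10:00:03.000000+0000", event_type="http",
         src_ip="10.0.0.5", dest_ip="203.0.113.10", dest_port=80,
         http={"hostname": "FILE-FILE-HOST4.com", "url": "/", "http_method": "GET"}),
    # Unrelated alert: must not match.
    _rec(timestamp="2022-01-19T10:00:04.000000+0000", event_type="alert",
         src_ip="10.0.0.7", dest_ip="198.51.100.20", dest_port=80,
         alert={"signature": "ET INFO constructed unrelated signature", "category": "Not Suspicious Traffic"},
         http={"hostname": "updates.example", "url": "/check", "http_method": "GET"}),
    # Same gate path on a different host: path-only match.
    _rec(timestamp="2022-01-19T10:00:05.000000+0000", event_type="http",
         src_ip="10.0.0.9", dest_ip="192.0.2.30", dest_port=80,
         http={"hostname": "other-host.example", "url": "/tratata.php?id=1", "http_method": "POST"}),
    '{"event_type": "alert", "truncated": tru',   # partial last line of a live log
    "",                                           # blank line
]


def parse_eve(lines):
    """Yield parsed EVE records, skipping blank and malformed lines (a tailed log may end mid-record)."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict):
            yield rec


def match_ioc(rec):
    """Return the list of reasons a record matches the report's indicators; empty if none."""
    reasons = []
    alert = rec.get("alert") or {}
    if rec.get("event_type") == "alert" and alert.get("signature") == VIDAR_SIGNATURE:
        reasons.append("signature")
    http = rec.get("http") or {}
    if (http.get("hostname") or "").lower() == C2_HOST:
        reasons.append("c2-host")
    # Compare the path without the query string so "/tratata.php?id=1" still matches.
    if (http.get("url") or "").split("?", 1)[0] == C2_PATH:
        reasons.append("c2-path")
    return reasons


def find_c2_hits(lines):
    """Return matching records de-duplicated by flow tuple, host, URL and match reasons, with a count."""
    hits = {}
    for rec in parse_eve(lines):
        reasons = tuple(match_ioc(rec))
        if not reasons:
            continue
        http = rec.get("http") or {}
        host = (http.get("hostname") or "").lower()
        key = (rec.get("src_ip"), rec.get("dest_ip"), rec.get("dest_port"), host, http.get("url"), reasons)
        hit = hits.setdefault(key, {
            "src_ip": rec.get("src_ip"), "dest_ip": rec.get("dest_ip"), "dest_port": rec.get("dest_port"),
            "host": host, "url": http.get("url"), "reasons": reasons,
            "first_seen": rec.get("timestamp"), "count": 0,
        })
        hit["count"] += 1
    return list(hits.values())


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_EVE_LINES):
        print(f"{hit['src_ip']} -> {hit['dest_ip']}:{hit['dest_port']} {hit['host']}{hit['url']} "
              f"x{hit['count']} [{', '.join(hit['reasons'])}]")
```

To run it against a real sensor, replace SAMPLE_EVE_LINES with the lines of eve.json; a hit carrying only "c2-path" is the one to review by hand, since it indicates the gate name reused on a host the report does not list.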