General
- Target: 21b40487207e38e15428c0b6e471874424bbe60d0b572eb4061acb2234d3ae45
- Size: 302KB
- Sample: 220119-wcw3qacacp
- MD5: 5591d9fba78860014f23397b5aafe733
- SHA1: b20bf276b24faa917e9b58162ba6b694d53f67b5
- SHA256: 21b40487207e38e15428c0b6e471874424bbe60d0b572eb4061acb2234d3ae45
- SHA512: f695441af5f3e5d23f3fa2e4c12db33bb4979b209d5d8635515faabebb89f8dc61c451dd12cec9c2a24de81f4d52f62564f6a243cb7abf9c4ad1cacd7b002389
Static task: static1
Malware Config
- Extracted: arkei
- Default: http://homesteadr.link/ggate.php
Targets
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.