General
- Target: 6b1ba9acf65c8792115f5b7b05415a9909d2d70e9cbec1ca3aa91288ee3e6fd9
- Size: 289KB
- Sample: 220119-yrjr2scgcq
- MD5: e63164e13f37b081e1efe5abb64daa46
- SHA1: a020d207614a4946c3820d1c48fd3c3a7bc2b51b
- SHA256: 6b1ba9acf65c8792115f5b7b05415a9909d2d70e9cbec1ca3aa91288ee3e6fd9
- SHA512: 6b72d5102e9f6028808fc3cd40fb7f6dc22dde2fa589c1da54d91c8fabb43a8773d211fe7cf3f5b3934d22ece3f74a83e9d8c7a9688d751e73495cdaa82e5f31
Static task
- static1

Malware Config
- Extracted family: arkei
- Default
- C2: http://homesteadr.link/ggate.php
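The extracted C2 gate and the sample hashes are the indicators a responder would match against file-hash and proxy telemetry. The Python below is an added example and is not part of the sandbox report or of any tool it names: the hashes and the C2 URL are copied from the report, while the proxy log lines and the byte string it hashes are constructed for the demonstration and are not real telemetry.

```python
"""Match the IOCs from this report against constructed log data.

Added example, not part of the sandbox report. Hashes and C2 URL are
copied from the report; everything else here is constructed.
"""
import hashlib
import re
from urllib.parse import urlsplit

# IOCs copied from the report.
SAMPLE_HASHES = {
    "md5": "e63164e13f37b081e1efe5abb64daa46",
    "sha1": "a020d207614a4946c3820d1c48fd3c3a7bc2b51b",
    "sha256": "6b1ba9acf65c8792115f5b7b05415a9909d2d70e9cbec1ca3aa91288ee3e6fd9",
    "sha512": "6b72d5102e9f6028808fc3cd40fb7f6dc22dde2fa589c1da54d91c8fabb43a877"
              "3d211fe7cf3f5b3934d22ece3f74a83e9d8c7a9688d751e73495cdaa82e5f31",
}
C2_URL = "http://homesteadr.link/ggate.php"

# Hex-digest length identifies the algorithm, so a bare hash from any log
# source can be compared against the right report value.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def hash_algo(hexdigest):
    """Return the algorithm name for a hex digest (by length), or None."""
    h = hexdigest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", h):
        return None
    return HASH_LENGTHS.get(len(h))


def is_sample_hash(hexdigest):
    """True if hexdigest equals any of the report's hashes (case-insensitive)."""
    algo = hash_algo(hexdigest)
    return algo is not None and SAMPLE_HASHES[algo] == hexdigest.strip().lower()


def file_matches_sample(data):
    """Hash raw bytes with all four algorithms; one dict entry per algorithm."""
    return {
        algo: getattr(hashlib, algo)(data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


def is_c2_request(url):
    """True if url targets the extracted gate.

    Host is compared case-insensitively and only the path must match;
    scheme, port and query string are ignored, since the stealer may append
    parameters and the host may be reached through a non-default port.
    """
    want = urlsplit(C2_URL)
    got = urlsplit(url.strip())
    return (
        got.hostname is not None
        and got.hostname.lower() == want.hostname.lower()
        and got.path == want.path
    )


# Constructed proxy log (not real telemetry): "timestamp client method url".
PROXY_LOG = """\
2022-01-19T10:00:01Z 10.0.0.5 GET http://update.example.com/check
2022-01-19T10:00:07Z 10.0.0.5 POST http://homesteadr.link/ggate.php
2022-01-19T10:00:09Z 10.0.0.5 POST http://HOMESTEADR.LINK:8080/ggate.php?id=1
2022-01-19T10:00:12Z 10.0.0.7 GET http://homesteadr.link/robots.txt
"""


def find_c2_hits(log_text):
    """Return (client, url) for every log line whose URL matches the gate."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line; skip rather than raise
        _ts, client, _method, url = parts
        if is_c2_request(url):
            hits.append((client, url))
    return hits


if __name__ == "__main__":
    for client, url in find_c2_hits(PROXY_LOG):
        print(f"C2 gate contacted by {client}: {url}")
    print("constructed bytes match sample:", file_matches_sample(b"not the sample"))
```

Matching on the gate path alone is deliberately looser than the Suricata rule, which fires on the exfil traffic itself; a proxy-log hit on `/ggate.php` at this host corroborates the IDS alert and identifies the client, but a hit on `/robots.txt` at the same host is not by itself evidence of infection, which is why the path must match.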
Targets
- Target: 6b1ba9acf65c8792115f5b7b05415a9909d2d70e9cbec1ca3aa91288ee3e6fd9 (289KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.