General
Target: 5fd1210ecfcc0acdc9fd1051012a51a04ec1ec4214e25385d69b64e38b80ddc2
Size: 263KB
Sample: 220120-1wnmxabhek
MD5: d79ab605c09a87318f61acba702e05a7
SHA1: 033261bbc7e65a53d1a30776dc69d7ec64322192
SHA256: 5fd1210ecfcc0acdc9fd1051012a51a04ec1ec4214e25385d69b64e38b80ddc2
SHA512: f303b26e6fcdce2fa61c15e90f5586e613cd7dfb8d2adacba926ed0a26679435a533d4a91948317b2b6a73a974ddae5d289a35b8beca9a2b19ff533548eb34ed
Static task: static1
Malware Config
Extracted: arkei
Default: http://homesteadr.link/ggate.php
Targets
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.