General
Target: 82bdeedf8bb72dda944b10dc4cf12d85a47040d9ef50d38a74500e3a8976fd3a
Size: 289KB
Sample: 220120-c8xjksfbdl
MD5: 3b51cf8959ff07ee898f852615b74781
SHA1: 82b3263f71c2703d6917926f4a41037dfcb69f1f
SHA256: 82bdeedf8bb72dda944b10dc4cf12d85a47040d9ef50d38a74500e3a8976fd3a
SHA512: 0646859d21707562c6661806e57da0b07ca2a4338aaf6f232242009e96e00651d23f9a86c651f9c999a0cfea0d0f5e8ab75f4f78f0a9470dac543a16b2b64a1f
Static task: static1
Malware Config
Extracted: arkei
Default: http://homesteadr.link/ggate.php
Targets
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
Arkei Stealer Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.