General
- Target: 2662595d6636f2bd30ed07dfe8fa323b60f0e0a6a4b637305830e4287bdd359b
- Size: 333KB
- Sample: 220121-3knvmsdeaj
- MD5: c20865bb571d0fe56e38472b21b460be
- SHA1: 02311dba294f74ec4cd3ed82d326159334ec8bb3
- SHA256: 2662595d6636f2bd30ed07dfe8fa323b60f0e0a6a4b637305830e4287bdd359b
- SHA512: bd72b7b07ee44186ec631293c1932fc32c0fbac92d46800092b3c87b10c77e8a897b9edf78dd09f48594242d2cc018a459cd3a17037a044bc38020112b089dce
Static task
- static1

Malware Config
- Extracted family: arkei
- Default C2: http://file-file-host4.com/tratata.php
Targets
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.