General
Target: 1cf079556f0f5e17a883c94f09f40426f6aa7aaae54d81fcd6677ff1ffee28e4
Size: 331KB
Sample: 220121-ks4a7aeebj
MD5: 87f5951eb96020562c75af1763fcb0a1
SHA1: b6ba82d8e30e47a52bd4b1596e21323e9b8a9fc5
SHA256: 1cf079556f0f5e17a883c94f09f40426f6aa7aaae54d81fcd6677ff1ffee28e4
SHA512: 9b09f8b0621ecdfd4bbb4c181377ecdf91165b8a4c81f1bbaab402479676b4b2402f9a38dc56b2aaac6177afe07b63d14dfcef9a8dc6164d323adf4ac9330257
Static task: static1
Malware Config
Extracted: arkei
Default: http://homesteadr.link/ggate.php
Targets
Target: 1cf079556f0f5e17a883c94f09f40426f6aa7aaae54d81fcd6677ff1ffee28e4
Size: 331KB
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.