General
- Target: 8f2a00a0e9a440854541808ce61deb15cc0b27579c432ea747524046e7f64fd7
- Size: 332KB
- Sample: 220121-r3br9aabcm
- MD5: b75617b7f7ccc8ecc740b7e9845ef1c4
- SHA1: 176b4b0cd94db669da7e8bc7a0d0b2caafc6267c
- SHA256: 8f2a00a0e9a440854541808ce61deb15cc0b27579c432ea747524046e7f64fd7
- SHA512: 9c895c8256d87458bb56143dce8ec3d1e4c5f0c308bb23a3a1e723421f5a4a95a8087c6ae40911119fb8b91897b141e0302cf6f9ca8c68650a9c8ac0f396cb85
Static task: static1

Malware Config
- Extracted: arkei
- Default: http://homesteadr.link/ggate.php
Targets
- Target: 8f2a00a0e9a440854541808ce61deb15cc0b27579c432ea747524046e7f64fd7 (332KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.