General
-
Target
ee904185bf8ef311bf0bb70aa47d96db218dcd8c9db24057f7d111a3de7c8c5f
-
Size
270KB
-
Sample
220122-df32bshehq
-
MD5
0a1b1aab298618d3bc98a2fe05b523f2
-
SHA1
fe9cf7cbb3f664b6a08f8c118ffa2818640a2014
-
SHA256
ee904185bf8ef311bf0bb70aa47d96db218dcd8c9db24057f7d111a3de7c8c5f
-
SHA512
cc12f74acfeeb47c71fe0c080f8fd5acf2e1a94c7f75c375df1c327e0d900b4550411e9983b549884eafe20f7bd1ba0f634fcd200de5d9bc8db5c26c8f6727b2
Static task
static1
Malware Config
Extracted
arkei
Default
http://file-file-host4.com/tratata.php
Targets
-
Target
ee904185bf8ef311bf0bb70aa47d96db218dcd8c9db24057f7d111a3de7c8c5f
-
Size
270KB
-
MD5
0a1b1aab298618d3bc98a2fe05b523f2
-
SHA1
fe9cf7cbb3f664b6a08f8c118ffa2818640a2014
-
SHA256
ee904185bf8ef311bf0bb70aa47d96db218dcd8c9db24057f7d111a3de7c8c5f
-
SHA512
cc12f74acfeeb47c71fe0c080f8fd5acf2e1a94c7f75c375df1c327e0d900b4550411e9983b549884eafe20f7bd1ba0f634fcd200de5d9bc8db5c26c8f6727b2
-
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Reads the entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and its WOW6432Node counterpart on 64-bit Windows) to enumerate the software installed on the host. On its own this is low-signal, since inventory and update agents read the same key; it becomes meaningful in combination with the wallet-file access and C2 exfiltration seen above.
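The behaviours listed above (Uninstall-key enumeration, wallet file access, loading a DLL the process itself dropped, and a POST to the extracted Arkei C2) are individually noisy but strong in combination. The script below is an added example, not part of the sandbox report: it scores a constructed set of endpoint events per process against those behaviours. The hashes and the C2 URL are the report's own IOCs; the event schema, the wallet path patterns, the benign contrast process, and the two-behaviour threshold are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# IOCs taken from the report: the sample's hashes and the extracted Arkei C2 URL.
SAMPLE_SHA256 = "ee904185bf8ef311bf0bb70aa47d96db218dcd8c9db24057f7d111a3de7c8c5f"
SAMPLE_MD5 = "0a1b1aab298618d3bc98a2fe05b523f2"
C2_URL = "http://file-file-host4.com/tratata.php"
C2_HOST = urlparse(C2_URL).hostname  # file-file-host4.com

# Behavioural patterns (assumed for the example, not taken from the report).
# The Uninstall key path covers both the native and the WOW6432Node view.
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
WALLET_PATH_RE = re.compile(
    r"(wallet\.dat|\\Exodus\\|\\Electrum\\wallets\\|\\Ethereum\\keystore\\)", re.I)

# Constructed sample telemetry (invented for this example), loosely modelled on
# Sysmon-style process / registry / file / image-load / network events.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "process_create",
     "image": "C:\\Users\\victim\\Downloads\\setup.exe", "sha256": SAMPLE_SHA256},
    {"pid": 4120, "type": "registry",
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"},
    {"pid": 4120, "type": "registry",
     "target": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome"},
    {"pid": 4120, "type": "file",
     "target": "C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    {"pid": 4120, "type": "file_create", "target": "C:\\ProgramData\\sqlite3.dll"},
    {"pid": 4120, "type": "image_load", "target": "C:\\ProgramData\\sqlite3.dll"},
    {"pid": 4120, "type": "network", "method": "POST", "url": C2_URL},
    # A benign process that also reads the Uninstall key, for contrast.
    {"pid": 2208, "type": "process_create",
     "image": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "sha256": "00" * 32},
    {"pid": 2208, "type": "registry",
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"},
    {"pid": 2208, "type": "network", "method": "GET", "url": "http://example.invalid/update.xml"},
]


def match_behaviours(events):
    """Return {pid: sorted list of behaviour tags} for the given event stream."""
    findings = defaultdict(set)
    dropped = defaultdict(set)  # pid -> lower-cased paths that process wrote
    for ev in events:
        pid, kind, target = ev["pid"], ev["type"], ev.get("target", "")
        if kind == "process_create" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            findings[pid].add("known_arkei_sample_hash")
        elif kind == "registry" and UNINSTALL_KEY_RE.search(target):
            findings[pid].add("enumerates_uninstall_key")
        elif kind == "file" and WALLET_PATH_RE.search(target):
            findings[pid].add("accesses_wallet_files")
        elif kind == "file_create":
            dropped[pid].add(target.lower())
        elif kind == "image_load" and target.lower() in dropped[pid]:
            # "Loads dropped DLL": the module loaded was written by the same process.
            findings[pid].add("loads_dropped_dll")
        elif kind == "network":
            host = urlparse(ev.get("url", "")).hostname
            if ev.get("method") == "POST" and host == C2_HOST:
                findings[pid].add("posts_to_arkei_c2")
    return {pid: sorted(tags) for pid, tags in findings.items()}


def verdict(findings, threshold=2):
    """A single Uninstall-key read is noise; require at least `threshold` behaviours."""
    return {pid: ("suspicious" if len(tags) >= threshold else "info")
            for pid, tags in findings.items()}


if __name__ == "__main__":
    found = match_behaviours(SAMPLE_EVENTS)
    for pid, label in verdict(found).items():
        print(pid, label, found[pid])
```

The threshold is the important design choice: matching the Uninstall key alone would page on every inventory agent, so the C2 host and the dropped-then-loaded DLL carry the weight, and the hash match is only a bonus because a repacked sample will not share it.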