General
- Target: eb1ac27f5fc6237d4e6466814ddaec74a35f84064ae842ff11267165a7b9a24f
- Size: 270KB
- Sample: 220122-j7mrbaadgk
- MD5: bf3f946333152b070d14189617790bd8
- SHA1: 22cd4eb18d6315ee4fd155059e1d48d07c1bcb30
- SHA256: eb1ac27f5fc6237d4e6466814ddaec74a35f84064ae842ff11267165a7b9a24f
- SHA512: afe5d4d16adb1d3841c80c65a3f4e3b2870e7ef1368416aa283b128472f0ecb068941d53b8475966d76600ed8116ee4435de12f8d7c5bc46161af6b4dcfa893f
Static task: static1
Malware Config
- Extracted: arkei
- Default: http://homesteadr.link/ggate.php
Targets
- Target: eb1ac27f5fc6237d4e6466814ddaec74a35f84064ae842ff11267165a7b9a24f
- Size: 270KB
- MD5: bf3f946333152b070d14189617790bd8
- SHA1: 22cd4eb18d6315ee4fd155059e1d48d07c1bcb30
- SHA256: eb1ac27f5fc6237d4e6466814ddaec74a35f84064ae842ff11267165a7b9a24f
- SHA512: afe5d4d16adb1d3841c80c65a3f4e3b2870e7ef1368416aa283b128472f0ecb068941d53b8475966d76600ed8116ee4435de12f8d7c5bc46161af6b4dcfa893f
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.