General
Target: 672a4aed2cf024f680d65b79b037dfb4e2f303a3ca30000582f9bbecbe706a24
Size: 269KB
Sample: 220122-jgwxasacer
MD5: 6f5d1073ab8bcda3814e17a6f2c45e8c
SHA1: 7217a830382c72064c64cf741c7a094eb668b295
SHA256: 672a4aed2cf024f680d65b79b037dfb4e2f303a3ca30000582f9bbecbe706a24
SHA512: 006f9bd26c9cc3d73c282f71ae6c74d841da66fd0b6237c483c470e599b2bf4bba9dee40690fb619a45857fa72cdc1fab39d1ae274dfd49e145d47868363e3c5
Static task: static1

Malware Config
Extracted: arkei
Default: http://homesteadr.link/ggate.php
Targets
Target: 672a4aed2cf024f680d65b79b037dfb4e2f303a3ca30000582f9bbecbe706a24
Size: 269KB
MD5: 6f5d1073ab8bcda3814e17a6f2c45e8c
SHA1: 7217a830382c72064c64cf741c7a094eb668b295
SHA256: 672a4aed2cf024f680d65b79b037dfb4e2f303a3ca30000582f9bbecbe706a24
SHA512: 006f9bd26c9cc3d73c282f71ae6c74d841da66fd0b6237c483c470e599b2bf4bba9dee40690fb619a45857fa72cdc1fab39d1ae274dfd49e145d47868363e3c5
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.