General
- Target: 7a1025b8b4b46d2e41022d6e9a98a895ea5095698781b1a1cc0c7c00d688c15a
- Size: 271KB
- Sample: 220122-t81dxaccgp
- MD5: b18f56f2704eafb77dc62f28a5251985
- SHA1: 342e2d6bdeeb9edea5dba1535f813987067be46b
- SHA256: 7a1025b8b4b46d2e41022d6e9a98a895ea5095698781b1a1cc0c7c00d688c15a
- SHA512: 4de869f9a33647c40a65ebf1b840b4785bca123000ae2f3e1106b086b1c6dcc73993bee23ed0c13575ffa60a54942a70f615b3b480670156a39c2fd78936c9fd
Static task
- static1

Malware Config
Extracted
- arkei
- Default
- http://homesteadr.link/ggate.php
Targets
- Target: 7a1025b8b4b46d2e41022d6e9a98a895ea5095698781b1a1cc0c7c00d688c15a
- Size: 271KB
- MD5: b18f56f2704eafb77dc62f28a5251985
- SHA1: 342e2d6bdeeb9edea5dba1535f813987067be46b
- SHA256: 7a1025b8b4b46d2e41022d6e9a98a895ea5095698781b1a1cc0c7c00d688c15a
- SHA512: 4de869f9a33647c40a65ebf1b840b4785bca123000ae2f3e1106b086b1c6dcc73993bee23ed0c13575ffa60a54942a70f615b3b480670156a39c2fd78936c9fd
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.