General
-
Target
baceb420d0b612a02e03b5e3988f4f29832934cb5acfd33ae3ff040ebd84ae89
-
Size
282KB
-
Sample
220123-lrr27sfghq
-
MD5
9e5d07aa6063760619ea6d4836e5e1bd
-
SHA1
acceb41d85a48d3a033b74e21db2ed5bfe2f173c
-
SHA256
baceb420d0b612a02e03b5e3988f4f29832934cb5acfd33ae3ff040ebd84ae89
-
SHA512
22b05c53227c7de75a11251da7ca4a7aaebe3d00fbf5b81e391850fda08f6f8d48da038534fa4668edee20812a7bbf5ede6887327c48b8ec614df2f75144e1ab
Static task
static1
Malware Config
Extracted
arkei
Default
http://coin-file-file-19.com/tratata.php
Targets
-
-
Target
baceb420d0b612a02e03b5e3988f4f29832934cb5acfd33ae3ff040ebd84ae89
-
Size
282KB
-
MD5
9e5d07aa6063760619ea6d4836e5e1bd
-
SHA1
acceb41d85a48d3a033b74e21db2ed5bfe2f173c
-
SHA256
baceb420d0b612a02e03b5e3988f4f29832934cb5acfd33ae3ff040ebd84ae89
-
SHA512
22b05c53227c7de75a11251da7ca4a7aaebe3d00fbf5b81e391850fda08f6f8d48da038534fa4668edee20812a7bbf5ede6887327c48b8ec614df2f75144e1ab
-
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-