General
Target: 278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424
Size: 284KB
Sample: 220124-bzwegshfaj
MD5: 51366f65ae6218610e36e57300dd1880
SHA1: 036111329167f2779f6d0b1637754b288411ae32
SHA256: 278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424
SHA512: f743b7f306ecd8080d260e89b90d409557def23d1d3166730ad2ebbf5aa123a9940cc0476b739fc6a1dc7ffce99ad7848be906bf031330679df70ab08bfceda0
Static task: static1
Malware Config
Extracted: arkei
Default: http://coin-file-file-19.com/tratata.php
Targets
Target: 278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424
Size: 284KB
MD5: 51366f65ae6218610e36e57300dd1880
SHA1: 036111329167f2779f6d0b1637754b288411ae32
SHA256: 278f127fd5be93045598ce3e8b1b8154732b1b87876c39712951ba82aa733424
SHA512: f743b7f306ecd8080d260e89b90d409557def23d1d3166730ad2ebbf5aa123a9940cc0476b739fc6a1dc7ffce99ad7848be906bf031330679df70ab08bfceda0
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix
Collection: Data from Local System
Command and Control (2)
Credential Access: Credentials in Files
Defense Evasion (2)
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation