General
- Target: fafa04a971c0bce7dc4398f93cc4bca6b69fc8a603b47848259944ad029c5de5
- Size: 295KB
- Sample: 220124-nmcg3aeeer
- MD5: 56d68834f92fc16f9fbfd6050fb603a5
- SHA1: ff41773f9af885780fb90078fa9e91bc12311577
- SHA256: fafa04a971c0bce7dc4398f93cc4bca6b69fc8a603b47848259944ad029c5de5
- SHA512: 841b1dceebca65a30da70d9fcbb8e7c32d07e1fc6771ab4f5a94f261de7d1e1712f5c5667e0d762acc9eac9d7a7effa56676f741613912d3ed46d26df3a3f0b3
Static task: static1
Malware Config (Extracted)
- Family: arkei
- Default: http://homesteadr.link/ggate.php
Targets
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.