General
- Target: a09e1de98b93b02c1d5350b818da7b691de39e3244551a7597921d5a802981e0
- Size: 350KB
- Sample: 220125-rlrr5sghbr
- MD5: dcac0a406d06056cfc54fc3307d2bebf
- SHA1: 0da458df693359cb00e7e36ea540310f1cc2c65a
- SHA256: a09e1de98b93b02c1d5350b818da7b691de39e3244551a7597921d5a802981e0
- SHA512: 768f5b89e7c6b902760763d95409e32f5f20cc770c35a0bbe6504b414e2701eec7cf7c97eef939cc64093566fdac0fe8dbe95734bd547fe47bf6414ec248de6e
Static task: static1

Malware Config
- Extracted: arkei
- Default: http://coin-file-file-19.com/tratata.php
Targets
- Target: a09e1de98b93b02c1d5350b818da7b691de39e3244551a7597921d5a802981e0
- Size: 350KB
- MD5: dcac0a406d06056cfc54fc3307d2bebf
- SHA1: 0da458df693359cb00e7e36ea540310f1cc2c65a
- SHA256: a09e1de98b93b02c1d5350b818da7b691de39e3244551a7597921d5a802981e0
- SHA512: 768f5b89e7c6b902760763d95409e32f5f20cc770c35a0bbe6504b414e2701eec7cf7c97eef939cc64093566fdac0fe8dbe95734bd547fe47bf6414ec248de6e
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.