General
Target: a84f132af3fe5d0c962f5f8d11704872d7171bd75d425dde3d182f01e249fe3b
Size: 297KB
Sample: 220125-tsrf3aafhq
MD5: 1c9cebfc7dae1d1b75538ba7f496bbfb
SHA1: 7ff87bbcc5c04386800985bf55b4373993e3f3d5
SHA256: a84f132af3fe5d0c962f5f8d11704872d7171bd75d425dde3d182f01e249fe3b
SHA512: 1cd66e84f60a1b7bd7c205c17b2d608e20a91d260729de2ce0bcbbbc531aa948d9dc4f24ff2ad17ce76a2f99defe5ee1325dcf2e2844f47fb60658e0bee34aba

Static task: static1

Malware Config
Extracted: arkei
Default: http://coin-file-file-19.com/tratata.php
Targets
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.