General
Target: 5112a826cd217c402ecdce7520fa51cd3e07a9d9a48cda7e79ad5c11215126f6
Size: 351KB
Sample: 220125-wm8t9sccem
MD5: f9eeb74491111d0a7141af4e82ffa403
SHA1: a29891e2d0e6707e066db393173b5c53dc185973
SHA256: 5112a826cd217c402ecdce7520fa51cd3e07a9d9a48cda7e79ad5c11215126f6
SHA512: b98febaa6cef29bacbbd38297e1949389a38d3b860f7a9723eb2abffe3458ad1255484bf8a7b50465701ecd64bd3ef57dbcf8500630d7738598de563aee7f1de
Static task: static1
Malware Config
Extracted family: arkei
Profile: Default
C2 URL: http://coin-file-file-19.com/tratata.php
Targets
Target: 5112a826cd217c402ecdce7520fa51cd3e07a9d9a48cda7e79ad5c11215126f6
Size: 351KB
MD5: f9eeb74491111d0a7141af4e82ffa403
SHA1: a29891e2d0e6707e066db393173b5c53dc185973
SHA256: 5112a826cd217c402ecdce7520fa51cd3e07a9d9a48cda7e79ad5c11215126f6
SHA512: b98febaa6cef29bacbbd38297e1949389a38d3b860f7a9723eb2abffe3458ad1255484bf8a7b50465701ecd64bd3ef57dbcf8500630d7738598de563aee7f1de
Signatures
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil (Vidar is a fork of Arkei, so its C2 exfiltration signature also matches Arkei traffic)
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
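The hashes, the extracted C2 URL and the Suricata hit above are the indicators a responder would actually hunt with. The following is an added example, not part of the sandbox report and not the sandbox's own code: it copies the report's hashes and C2 URL into a small IOC matcher, checks an arbitrary byte buffer against the hashes (case-insensitively, since feeds publish mixed-case digests), and classifies lines of a proxy log against the C2 host and path. The log format ("timestamp client method url") and the log lines themselves are constructed for illustration and are not from the report.

```python
"""IOC matcher built from the Arkei sample report above (added example)."""
import hashlib
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from the report: sample hashes and the extracted C2 URL.
IOC_HASHES: Dict[str, str] = {
    "md5": "f9eeb74491111d0a7141af4e82ffa403",
    "sha1": "a29891e2d0e6707e066db393173b5c53dc185973",
    "sha256": "5112a826cd217c402ecdce7520fa51cd3e07a9d9a48cda7e79ad5c11215126f6",
}
C2_URL = "http://coin-file-file-19.com/tratata.php"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of a byte string, keyed the same way as IOC_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes, iocs: Dict[str, str] = IOC_HASHES) -> bool:
    """True if any digest of data equals the corresponding IOC hash.

    IOC values are lower-cased before comparison because threat feeds
    publish digests in mixed case; hashlib always emits lowercase hex.
    """
    digests = hash_bytes(data)
    return any(digests.get(algo) == value.lower() for algo, value in iocs.items())


def split_url(url: str) -> Tuple[Optional[str], str]:
    """Lower-cased host and path of a URL; host is None when unparseable."""
    parts = urlsplit(url)
    host = parts.hostname.lower() if parts.hostname else None
    return host, parts.path or "/"


C2_HOST, C2_PATH = split_url(C2_URL)


def classify_request(line: str) -> Optional[str]:
    """Classify one proxy log line of the constructed form
    '<timestamp> <client-ip> <method> <url>'.

    Returns 'c2-exfil' for a request to the exact C2 host and path,
    'c2-host' for any other request to the C2 domain, and None for
    unrelated or malformed lines.
    """
    fields = line.split(None, 3)
    if len(fields) != 4:
        return None
    host, path = split_url(fields[3])
    if host != C2_HOST:
        return None
    return "c2-exfil" if path == C2_PATH else "c2-host"


def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (verdict, line) pairs for every line that touches the C2 host."""
    hits = []
    for line in lines:
        verdict = classify_request(line)
        if verdict:
            hits.append((verdict, line))
    return hits


# Constructed log lines for illustration (not from the report).
SAMPLE_LOG = [
    "2000-01-01T00:00:01Z 10.0.0.5 POST http://coin-file-file-19.com/tratata.php",
    "2000-01-01T00:00:02Z 10.0.0.5 GET http://COIN-FILE-FILE-19.COM/",
    "2000-01-01T00:00:03Z 10.0.0.7 GET http://example.com/tratata.php",
    "not a log line",
]

if __name__ == "__main__":
    for verdict, line in scan_log(SAMPLE_LOG):
        print(verdict, line)
    print("empty buffer matches sample:", matches_sample(b""))
```

The hash check only identifies this exact binary; a repacked build of the same stealer will not match. The host-and-path match is the more durable of the two indicators, and in production the Suricata rule named in the report covers the same traffic without any custom log parsing.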