General
Target: bd610b2389b0ea2a2d37bc31655de8aa44c96ea5836c873c8df49a715a57b602
Size: 274KB
Sample: 220127-e12vfafdgk
MD5: c0cebf58bc464d40ada9444c8c19e955
SHA1: 52cc6a2c87862b1c815e843f154ec9cb66f345e9
SHA256: bd610b2389b0ea2a2d37bc31655de8aa44c96ea5836c873c8df49a715a57b602
SHA512: ed979071f02a7eaace9b393fb4b75265694fe2466c147858223351057e5513f5849830bc0170d0323956d088b9d68e5e880a262ebdc15351204649f5ee1a5490
Static task: static1
Malware Config
Extracted: arkei
Default: http://coin-file-file-19.com/tratata.php
Targets
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.