General

Target: d091c9fd860e28efe49539e608cfd08e35fdb735daf396d3ca9b492cc239c0bc
Size: 355KB
Sample: 220128-qgp73sdbbj
MD5: ea20ae4d3b5424305128525583c1b453
SHA1: 546c0747c34b109aeafd6565b0cc95bae5f1f432
SHA256: d091c9fd860e28efe49539e608cfd08e35fdb735daf396d3ca9b492cc239c0bc
SHA512: e42b3f91f8cc7586016a9645a5e615b7c2b84633d6e7bfc364c64f9a193edb747c4b5e5b109ca8b9d3aacbf7b544e29076fc4c44878aee80cb0cf414549d223c
Static task: static1

Malware Config

Extracted: arkei
Default: http://coin-file-file-19.com/tratata.php
Targets

Target: d091c9fd860e28efe49539e608cfd08e35fdb735daf396d3ca9b492cc239c0bc
Size: 355KB
MD5: ea20ae4d3b5424305128525583c1b453
SHA1: 546c0747c34b109aeafd6565b0cc95bae5f1f432
SHA256: d091c9fd860e28efe49539e608cfd08e35fdb735daf396d3ca9b492cc239c0bc
SHA512: e42b3f91f8cc7586016a9645a5e615b7c2b84633d6e7bfc364c64f9a193edb747c4b5e5b109ca8b9d3aacbf7b544e29076fc4c44878aee80cb0cf414549d223c

- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.