General
- Target: 60f8d4d7db82d41f5ffa4eb5e0988d0c6caa08b98ad3230a47511a4fe763b297
- Size: 351KB
- Sample: 220129-adezyagghl
- MD5: 6e737680cee2bf08a1744f73d04e72a0
- SHA1: 690ce3a8903e96317a2e6df19f47bdc26b7039fe
- SHA256: 60f8d4d7db82d41f5ffa4eb5e0988d0c6caa08b98ad3230a47511a4fe763b297
- SHA512: 63f03608dc5657682d73298295ae419e527f4eb791ea6aec0cb38c70134556e5ae23d3e409b9474a8986a7d5f9861477b14b1bc2ce7c784800c196787d2a5a46
Static task: static1
Malware Config
- Extracted: arkei
- Default: http://coin-file-file-19.com/tratata.php
Targets
- Target: 60f8d4d7db82d41f5ffa4eb5e0988d0c6caa08b98ad3230a47511a4fe763b297
- Size: 351KB
- MD5: 6e737680cee2bf08a1744f73d04e72a0
- SHA1: 690ce3a8903e96317a2e6df19f47bdc26b7039fe
- SHA256: 60f8d4d7db82d41f5ffa4eb5e0988d0c6caa08b98ad3230a47511a4fe763b297
- SHA512: 63f03608dc5657682d73298295ae419e527f4eb791ea6aec0cb38c70134556e5ae23d3e409b9474a8986a7d5f9861477b14b1bc2ce7c784800c196787d2a5a46
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.