General
-
Target
c0c9ed592fd99d7a59a41b4fb8cda24bbccf135d995aefc9a7c82a45b2a1f3af
-
Size
351KB
-
Sample
220129-bbq5vshffl
-
MD5
fa8c79a5325febc363b4218c7476d424
-
SHA1
7a15a38e7d1226644876450ab6ca711574bb514c
-
SHA256
c0c9ed592fd99d7a59a41b4fb8cda24bbccf135d995aefc9a7c82a45b2a1f3af
-
SHA512
497b7085bc7662a26d6d79d47349b751a872aa77e3f9903b960b48f6952ca50ed53ccf28fbccaf0ee88b1ef20ece486e8dacbb07f268289df58974d5078c9f97
Static task
static1
Malware Config
Extracted
Family
arkei
Botnet
Default
C2
http://coin-file-file-19.com/tratata.php
Targets
-
Target
c0c9ed592fd99d7a59a41b4fb8cda24bbccf135d995aefc9a7c82a45b2a1f3af
-
Size
351KB
-
MD5
fa8c79a5325febc363b4218c7476d424
-
SHA1
7a15a38e7d1226644876450ab6ca711574bb514c
-
SHA256
c0c9ed592fd99d7a59a41b4fb8cda24bbccf135d995aefc9a7c82a45b2a1f3af
-
SHA512
497b7085bc7662a26d6d79d47349b751a872aa77e3f9903b960b48f6952ca50ed53ccf28fbccaf0ee88b1ef20ece486e8dacbb07f268289df58974d5078c9f97
-
suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
-
Arkei Stealer Payload
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
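The hashes and C2 URL above, together with the behavioural signatures (Uninstall-key enumeration, wallet access, dropped DLL, CnC exfil), are what a responder turns into a hunt. The script below is an added example, not part of the sandbox report or the Arkei family's own code: it re-hashes a candidate file against the four digests listed, and runs the signature logic over a few constructed JSON-lines telemetry events. The event format, the `sample.exe`/`sqlite3.dll` names and the wallet directory names are assumptions for the example; the report names no paths beyond the Uninstall key and the C2 URL.

```python
"""Match file hashes and constructed endpoint telemetry against the indicators
in this Arkei report: sample digests, extracted C2 URL and the listed
behavioural signatures. Event lines are constructed, not the sandbox's log."""
import hashlib
import json
import re
from urllib.parse import urlparse

# Indicators copied verbatim from the report.
REPORT_HASHES = {
    "md5": "fa8c79a5325febc363b4218c7476d424",
    "sha1": "7a15a38e7d1226644876450ab6ca711574bb514c",
    "sha256": "c0c9ed592fd99d7a59a41b4fb8cda24bbccf135d995aefc9a7c82a45b2a1f3af",
    "sha512": "497b7085bc7662a26d6d79d47349b751a872aa77e3f9903b960b48f6952ca50e"
              "d53ccf28fbccaf0ee88b1ef20ece486e8dacbb07f268289df58974d5078c9f97",
}
C2_URL = "http://coin-file-file-19.com/tratata.php"
C2_HOST = urlparse(C2_URL).hostname

# Uninstall key, as the report's signature describes (HKLM or HKCU, any view).
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Wallet locations are an assumption for this example; the report only says
# "cryptocurrency files/wallets" and names no paths.
WALLET_PATH_RE = re.compile(
    r"(\\Electrum\\wallets\\|\\Exodus\\|\\Ethereum\\keystore\\|wallet\.dat$)",
    re.IGNORECASE)


def hash_file_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for a file's contents."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report_sample(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch rejects."""
    return hash_file_bytes(data) == REPORT_HASHES


def classify_event(ev: dict):
    """Map one telemetry event to the report signature it satisfies, or None."""
    kind = ev.get("event")
    if kind == "RegistryQuery" and UNINSTALL_KEY_RE.search(ev.get("key", "")):
        return "Checks installed software on the system"
    if kind == "FileRead" and WALLET_PATH_RE.search(ev.get("path", "")):
        return "Accesses cryptocurrency files/wallets"
    if (kind == "ImageLoad" and ev.get("dropped")
            and ev.get("path", "").lower().endswith(".dll")):
        return "Loads dropped DLL"
    host = urlparse(ev.get("url", "")).hostname or ""
    if kind == "HttpRequest" and host.lower() == C2_HOST:
        return "CnC Exfil (ET MALWARE Win32/Vidar Variant Stealer CnC Exfil)"
    return None


def scan_events(jsonl: str) -> list:
    """Return (signature, image) hits in input order; bad lines are skipped."""
    hits = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        sig = classify_event(ev)
        if sig:
            hits.append((sig, ev.get("image", "?")))
    return hits


# Constructed telemetry for the example (one benign event per noisy category).
SAMPLE_EVENTS = r"""
{"event": "RegistryQuery", "image": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome"}
{"event": "RegistryQuery", "image": "C:\\Windows\\explorer.exe", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}
{"event": "FileRead", "image": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe", "path": "C:\\Users\\u\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"}
{"event": "ImageLoad", "image": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe", "path": "C:\\ProgramData\\sqlite3.dll", "dropped": true}
{"event": "HttpRequest", "image": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe", "method": "POST", "url": "http://coin-file-file-19.com/tratata.php"}
{"event": "HttpRequest", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "method": "GET", "url": "https://example.org/"}
"""

if __name__ == "__main__":
    for sig, image in scan_events(SAMPLE_EVENTS):
        print(f"{sig:60} {image}")
```

Compare all four digests rather than MD5 alone: an MD5 or SHA1 collision is cheap to manufacture, and a sample that matches only the weak hashes should be treated as a different file. The C2 match is on hostname, so a path change on the same server still fires; move to a domain or IP watchlist if the operator rotates paths.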