General
Target: 7c14666aa7287967408b85ea07ca9443.exe
Size: 351KB
Sample: 220129-kq2pksgfhn
MD5: 7c14666aa7287967408b85ea07ca9443
SHA1: 40f8098d44e142d0b553b2bff8fd50d4ca3a5677
SHA256: 2ea126f1ccaf54e9fcbf610e82561bcac077a17b9b389671e53bbce2a5df93b4
SHA512: a892ca447c82c17671d61204b2d4b41066ed636650303c29deda55286948e003c650bfe698d669b0666829cd2e2d8da0ff23155c1dfd77dbb71cf9b6ea7e4ca0
Static task: static1
Behavioral task: behavioral1
Sample: 7c14666aa7287967408b85ea07ca9443.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: arkei
Botnet: Default
C2: http://coin-file-file-19.com/tratata.php
Targets
Target: 7c14666aa7287967408b85ea07ca9443.exe (351KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil (Vidar is a fork of Arkei, so the rule's family name and the extracted arkei config describe the same stealer lineage)
- Arkei Stealer Payload
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node view and the per-user HKCU equivalent) to enumerate the software installed on the system.
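The "Checks installed software" signature above is a rule over the process's registry activity: open an Uninstall key, then walk its per-application subkeys. The Python below, added here as an example and not part of the sandbox report or of the sample, re-implements that logic over an API trace. The trace format (tab-separated pid, API name, key path, optional value name), the PIDs and the entry names are all constructed for this example and are not the sandbox's export format; the only thing taken from the page is the behaviour being detected.

```python
"""Flag processes that enumerate installed software via the registry
Uninstall keys, mirroring the sandbox signature 'Checks installed software'.
Trace format and sample data below are constructed for this example."""
import re
from collections import defaultdict

# Hive-prefixed Uninstall key, covering the native and WOW6432Node views
# under HKLM and the per-user key under HKCU/HKU. The optional trailing
# component is the per-application entry (a GUID or product name).
UNINSTALL_KEY_RE = re.compile(
    r"^(?:HKEY_LOCAL_MACHINE|HKLM|HKEY_CURRENT_USER|HKCU|HKEY_USERS\\[^\\]+)"
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall"
    r"(?:\\(?P<entry>[^\\]+))?$",
    re.IGNORECASE,
)

# Constructed trace: "<pid>\t<api>\t<key path>[\t<value name>]", one row per
# key the process touched. PID 1804 behaves like the stealer, 2212 reads a
# single UninstallString (benign uninstaller-like), 3100 never touches Uninstall.
SAMPLE_TRACE = """\
1804\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1804\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{26A24AE4-039D-4CA4-87B4-2F83216020FF}
1804\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{26A24AE4-039D-4CA4-87B4-2F83216020FF}\tDisplayName
1804\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 95.0 (x64 en-US)
1804\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 95.0 (x64 en-US)\tDisplayName
1804\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome
1804\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome\tDisplayName
2212\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
2212\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 95.0 (x64 en-US)\tUninstallString
3100\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""


def parse_trace(text):
    """Parse the constructed trace into (pid, api, key, value_or_None) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        pid, api, key = int(parts[0]), parts[1], parts[2]
        value = parts[3] if len(parts) > 3 else None
        events.append((pid, api, key, value))
    return events


def software_enumeration(events, min_entries=2):
    """Return {pid: sorted Uninstall entries touched} for each process that
    opened an Uninstall key itself and then touched at least min_entries
    distinct per-application subkeys. The threshold separates a stealer
    walking the whole list from a tool that reads one product's entry."""
    opened = set()
    entries = defaultdict(set)
    for pid, api, key, _value in events:
        m = UNINSTALL_KEY_RE.match(key)
        if not m:
            continue
        entry = m.group("entry")
        if entry is None:
            # The parent Uninstall key itself: only opens count as the
            # start of an enumeration.
            if api.startswith("RegOpenKey"):
                opened.add(pid)
        else:
            # A per-application subkey, whether enumerated or queried.
            entries[pid].add(entry)
    return {
        pid: sorted(names)
        for pid, names in entries.items()
        if pid in opened and len(names) >= min_entries
    }


if __name__ == "__main__":
    for pid, names in software_enumeration(parse_trace(SAMPLE_TRACE)).items():
        print(f"pid {pid}: checks installed software ({len(names)} entries)")
        for name in names:
            print(f"    {name}")
```

Lowering `min_entries` to 1 also flags PID 2212, which is the usual trade-off for this signature: an installer or an inventory agent legitimately reads Uninstall entries, so in production the rule is best combined with the other behaviours on this page (self-deletion, wallet file access, the C2 exfil alert) rather than used alone.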