General
Target: 89695d68804aa5f25f83d110a0cf146ced990af72b2ab2dfced07632176e0942
Size: 350KB
Sample: 220129-pnv68safgl
MD5: 6b32b19e8d19107ca44fac9a3026cc67
SHA1: 021108af8ead28885c773f288a24c46655a86fb0
SHA256: 89695d68804aa5f25f83d110a0cf146ced990af72b2ab2dfced07632176e0942
SHA512: b4ce8ff0319b9f3614ec52cc534713175ee0753265d1b5c5cfafea1a15762c8ebefbed684f91bddd1d68f71491825fd9e3485357b743433189675983d472e579
Static task: static1
Malware Config
Extracted: arkei
Default: http://coin-file-file-19.com/tratata.php
Targets
Target: 89695d68804aa5f25f83d110a0cf146ced990af72b2ab2dfced07632176e0942
Size: 350KB
MD5: 6b32b19e8d19107ca44fac9a3026cc67
SHA1: 021108af8ead28885c773f288a24c46655a86fb0
SHA256: 89695d68804aa5f25f83d110a0cf146ced990af72b2ab2dfced07632176e0942
SHA512: b4ce8ff0319b9f3614ec52cc534713175ee0753265d1b5c5cfafea1a15762c8ebefbed684f91bddd1d68f71491825fd9e3485357b743433189675983d472e579
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.