General
- Target: 26233b3d38053a03be0f6464e67190f46b0b2b36699d3e9c97d6a8f45eb3a5bf
- Size: 240KB
- Sample: 220131-vvs84sacel
- MD5: 885407f7ecf242abce7d8319b08c4c24
- SHA1: 152ba3c395d39954f9095d4e77e6ad9013023647
- SHA256: 26233b3d38053a03be0f6464e67190f46b0b2b36699d3e9c97d6a8f45eb3a5bf
- SHA512: d26b6d5a9b60c21c67ec7aba43c6c3e630e28d58206db3ee3f43610949a9a323ecb775d79cc45b6c30071b6913050617e94ae51ad7ebee050ef0318749ffa20e
Static task
- static1

Malware Config
- Extracted: arkei
- Default: http://coin-file-file-19.com/tratata.php
Targets
- Target: 26233b3d38053a03be0f6464e67190f46b0b2b36699d3e9c97d6a8f45eb3a5bf
- Size: 240KB
- MD5: 885407f7ecf242abce7d8319b08c4c24
- SHA1: 152ba3c395d39954f9095d4e77e6ad9013023647
- SHA256: 26233b3d38053a03be0f6464e67190f46b0b2b36699d3e9c97d6a8f45eb3a5bf
- SHA512: d26b6d5a9b60c21c67ec7aba43c6c3e630e28d58206db3ee3f43610949a9a323ecb775d79cc45b6c30071b6913050617e94ae51ad7ebee050ef0318749ffa20e
- suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil
- Arkei Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
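The behaviours listed above (C2 traffic to the configured host, a downloaded PE that is then loaded, wallet file access, and enumeration of the Uninstall registry key) are what a hunt query or EDR rule would correlate per process. The Suricata rule names Vidar rather than Arkei because the two stealers share a code base and their check-in traffic looks alike. The script below is an added example, not part of this sandbox report or the Arkei tooling: it parses constructed, pipe-delimited trace events (the event schema, field names, file paths and the wallet path hints are all assumptions; only the C2 host and SHA256 are taken from the report) and flags a process that exhibits the combination of behaviours seen here, while leaving a benign process that merely reads the Uninstall key unflagged.

```python
import re
from collections import defaultdict

# Indicators copied from the report above.
C2_HOST = "coin-file-file-19.com"
SAMPLE_SHA256 = "26233b3d38053a03be0f6464e67190f46b0b2b36699d3e9c97d6a8f45eb3a5bf"

# Registry path the sample enumerates, in both the native and WOW6432Node views.
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)

# Illustrative wallet locations (assumption: the report does not say which files were read).
WALLET_PATH_HINTS = ("\\electrum\\wallets\\", "\\exodus\\", "\\ethereum\\keystore\\", "wallet.dat")

# Constructed trace, not real sandbox output. Schema: Type|key=value|key=value ...
SAMPLE_TRACE = [
    "ProcessCreate|pid=4120|image=C:\\Users\\user\\Desktop\\sample.exe|sha256=" + SAMPLE_SHA256,
    "RegistryQuery|pid=4120|key=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip|value=DisplayName",
    "RegistryQuery|pid=4120|key=HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++|value=DisplayVersion",
    "FileRead|pid=4120|path=C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet",
    "NetworkConnect|pid=4120|host=coin-file-file-19.com|port=80|uri=/tratata.php",
    "FileCreate|pid=4120|path=C:\\ProgramData\\dropped.dll|magic=MZ",
    "ImageLoad|pid=4120|image=C:\\ProgramData\\dropped.dll",
    # A benign installer also reads the Uninstall key and talks to the network; it must not be flagged.
    "RegistryQuery|pid=880|key=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SomeApp|value=DisplayName",
    "NetworkConnect|pid=880|host=update.example.com|port=443",
]


def parse_event(line):
    """Parse one 'Type|key=value|...' line into a dict (the schema is an assumption)."""
    kind, *fields = line.strip().split("|")
    ev = {"type": kind}
    for field in fields:
        key, _, value = field.partition("=")
        ev[key] = value
    return ev


def classify(events):
    """Return {pid: set(behaviour names)} by correlating events per process."""
    behaviours = defaultdict(set)
    dropped = defaultdict(set)  # pid -> lower-cased paths that process wrote
    for ev in events:
        pid = ev.get("pid")
        kind = ev["type"]
        if kind == "NetworkConnect" and ev.get("host", "").lower() == C2_HOST:
            behaviours[pid].add("c2_contact")
        elif kind == "FileCreate":
            dropped[pid].add(ev.get("path", "").lower())
            if ev.get("magic") == "MZ":
                behaviours[pid].add("downloads_pe")
        elif kind == "ImageLoad":
            # A DLL counts as "dropped" only if the same process wrote it earlier in the trace.
            if ev.get("image", "").lower() in dropped[pid]:
                behaviours[pid].add("loads_dropped_dll")
        elif kind == "RegistryQuery" and UNINSTALL_KEY_RE.search(ev.get("key", "")):
            behaviours[pid].add("enumerates_installed_software")
        elif kind == "FileRead":
            path = ev.get("path", "").lower()
            if any(hint in path for hint in WALLET_PATH_HINTS):
                behaviours[pid].add("wallet_access")
    return dict(behaviours)


def verdict(pid_behaviours, required=("c2_contact", "enumerates_installed_software")):
    """Simple heuristic: flag a pid that shows both required behaviours plus at least one more."""
    flagged = {}
    for pid, found in pid_behaviours.items():
        if all(r in found for r in required) and len(found) >= 3:
            flagged[pid] = sorted(found)
    return flagged


def analyse(lines):
    """Parse a trace and return the flagged processes with their behaviours."""
    return verdict(classify([parse_event(line) for line in lines]))


if __name__ == "__main__":
    for pid, found in analyse(SAMPLE_TRACE).items():
        print(f"pid {pid}: {', '.join(found)}")
```

The correlation on the dropped DLL (FileCreate followed by ImageLoad of the same path in the same process) is the part worth keeping in a real rule: a bare ImageLoad of an unsigned DLL is noisy, but a process loading a file it just wrote is rarely legitimate outside installers.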