Discover and read the best of Twitter Threads about #okistealer

2022-12-29 (Thursday) - FFS, another Google ad, this time to a fake AnyDesk page at computer-remote[.]site. This time it's an #ArkeiStealer variant (#Vidar/#OkiStealer/#MarsStealer/whatever it's morphed into now). Carved EXE sample: bazaar.abuse.ch/sample/2e25487…
Couldn't get the full zip uploaded to Malware Bazaar, because it was too big. Got it sent to VirusTotal, though.

- virustotal.com/gui/file/50183…

Analysis of the extracted and carved EXE:

- app.any.run/tasks/80236e10…
- tria.ge/221230-fk3mgaa…
As you can see from the images on the original tweet, the Windows computer I infected was set up as a Brazil-based host using Portuguese language. Why? No real reason. I just wanted to try something different.