arkei | 1[.]bin | Triage

Sharing

General

Target

1.bin
Size

184KB
MD5

f44612558b731b168cd0d71462fed53e
SHA1

8113d350835eeb13ba52907fdd7e95c85eb4e34e
SHA256

ea6e111c255db8015bfd19ccb6806941c2fd03157b450887a7ea8ccc2580c47c
SHA512

82277b5746aaa19722675dcabcefece89ba993d49a0faac961ab425d7094c1f24ab16a8fc3da110200482a11ab83036c20f70b65cfe97c82a311ae8354b6584e
SSDEEP

3072:SMNChabHKlotHacShr4wazoaSCZI0838+GRMr:SMNChab6xmW81M

Score

10^/10

stealer default arkei

Malware Config

Extracted

Family

arkei

Botnet

Default

C2

http://ntadancrdal.xyz/LYuDOmBeQs.php

Signatures

Arkei Stealer Payload 1 IoCs
stealer

Processes:

resource yara_rule

sample family_arkei
Arkei family
arkei

Files

1.bin
.exe windows x86

4470b7e70278da6ba1602d95a01e308a

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ