arkei | 1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f[.]bin | Triage

Sharing

General

Target

1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f.bin
Size

93KB
MD5

68958ce8e51a4b8dd6ff8b8a57515be2
SHA1

d88289eab220b4d8e3dbe4f9f2ce3539105d3c4a
SHA256

1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f
SHA512

a3b858721fb2060bf413edf4a893a8d6e860857225bad60d7c3a5be57f672f63d71582d30ace1ed881c57ef6d47a2f196c2b2c135cb4ce86d4015332585484b4
SSDEEP

1536:oWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVUZ3jy0:oWTHVn8TXvc4O3CFvlaSED1P8j/

Score

10^/10

stealer arkei marsstealer

Malware Config

Extracted

Family

marsstealer

C2

http://195124.prohoster.biz/pool.php

Signatures

Arkei Stealer Payload 1 IoCs
stealer

Processes:

resource yara_rule

sample family_arkei
Arkei family
arkei
Marsstealer family
marsstealer

Files

1ac7892dbd3997937aced8b8856dd35cfbad407b833da3038cb025dec9a53c2f.bin
.exe windows x86

4c665f81387442ad965e3f4eba69f083

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strstr
strncpy
getenv
rand
srand
_mbsicmp
_putenv
strtok
memcpy
memset

Sections

.text
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

LLCPPC
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE