Behavioral task: behavioral1
Sample: a6c98e3050033e5c9e2fd21316e08851.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: a6c98e3050033e5c9e2fd21316e08851.exe
Resource: win10v2004-20231215-en
General
Target: a6c98e3050033e5c9e2fd21316e08851
Size: 94KB
MD5: a6c98e3050033e5c9e2fd21316e08851
SHA1: 929a4e48e28e3087511be5129356a97d260ac838
SHA256: b60f9f325b9e67eccc1cdbd03bdfbcfa3a2eed7c8f5f525e036e1a88dc6ee28c
SHA512: b7be8f8cd41eb4e4bb1c15093b8255334f3e3f8b7a93be6d50dd894a40d43735dc04c72710994b3dff49acdfc6eb76819e210fe45ee5b5bac76965c11f53df02
SSDEEP: 1536:YmHnlXQnQNSRZ+A+v9C0+K71SW3YGC7lagvHFCea8blcgafrgWB6RyOc:YmHnlX1HA+SKDrGlaSlflrYrv6Ryn
Malware Config
Extracted
arkei
channel2
telemetryinfo.xyz/tytfu656i7kuydgsjdsdu.php
Signatures
Arkei family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a6c98e3050033e5c9e2fd21316e08851
Files
a6c98e3050033e5c9e2fd21316e08851.exe windows:5 windows x86 arch:x86
7a3cd68b30647aa7842f81d47c8efa54
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
strncpy
_putenv
rand
srand
getenv
_mbsicmp
strstr
strtok
memcpy
memset
kernel32
LocalAlloc
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE