General

  • Target

    e38724644ed4643ebcdea6b0ae8345bf094d9f6e6d81b0acb244f96a3129077e

  • Size

    472KB

  • Sample

    220201-dvs5nsfhdj

  • MD5

    1d89655e3611bb3ea501f60433beca36

  • SHA1

    4426a01bbf8c6670fb884ea6ed87923ccbcd025c

  • SHA256

    e38724644ed4643ebcdea6b0ae8345bf094d9f6e6d81b0acb244f96a3129077e

  • SHA512

    4901c78e7385c6fac493cbf8e09a7f2a98fe7cac62dc31c68e51954f9fd8b3afc5a0e3303701c64db8acd9d532661cc238a5d9a88916d6c1b6f9042a16335021

Malware Config

Targets

    • Target

      e38724644ed4643ebcdea6b0ae8345bf094d9f6e6d81b0acb244f96a3129077e

    • Arcane log file

      Detects a log file produced by the Arcane Stealer.

    • ArcaneStealer

      Arcane Stealer is a .NET information-stealing malware that is easy to acquire on the dark web.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks