General

  • Target

    6a4e49637e66fd84c7b04eb4cda003481821f7c8675b0b550195960c36f3e2c8

  • Size

    1.1MB

  • Sample

    220306-12vcmshchr

  • MD5

    1feb4b743a6c9d99654df41aa36347dc

  • SHA1

    1124be07d6e25fc94c066352136dea180a940e0c

  • SHA256

    6a4e49637e66fd84c7b04eb4cda003481821f7c8675b0b550195960c36f3e2c8

  • SHA512

    40ace491fec8d342a6207041903e062e1e35dfc3ea48877fac5f113597f1f3d13e5f1ff755934527d3b1bee48e1e8fd94e18eba53933d480f8c92493e5d7016c

Malware Config

Targets

    • Arcane log file

      Detects a log file produced by the Arcane Stealer.

    • ArcaneStealer

      Arcane Stealer is a .NET information-stealing malware that is easy to acquire on the dark web.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks