General

  • Target

    23228cc73fc7530de43ee9ec1253e6fda84ecd660f899fcad3755e7149cc4e39

  • Size

    1.0MB

  • Sample

    220516-ccfwyshef5

  • MD5

    75890e9d7b02e79fd15c992c043c1a8c

  • SHA1

    f5999cf9e7c4dd49015dd8fbfbb713981baa1933

  • SHA256

    23228cc73fc7530de43ee9ec1253e6fda84ecd660f899fcad3755e7149cc4e39

  • SHA512

    06b33df40972c594af75b12a93558534b1ec9113a2a059eaf3b17468d5d045d1a353c1ff017faabda8d1b757ba332f981503534e6d18b22b8619f23003ad0ee0

Malware Config

Targets

    • Target

      23228cc73fc7530de43ee9ec1253e6fda84ecd660f899fcad3755e7149cc4e39

    • Size

      1.0MB

    • MD5

      75890e9d7b02e79fd15c992c043c1a8c

    • SHA1

      f5999cf9e7c4dd49015dd8fbfbb713981baa1933

    • SHA256

      23228cc73fc7530de43ee9ec1253e6fda84ecd660f899fcad3755e7149cc4e39

    • SHA512

      06b33df40972c594af75b12a93558534b1ec9113a2a059eaf3b17468d5d045d1a353c1ff017faabda8d1b757ba332f981503534e6d18b22b8619f23003ad0ee0

    • Arcane log file

      Detects a log file produced by the Arcane Stealer.

    • ArcaneStealer

      Arcane Stealer is a .Net information-stealing malware that is easy to acquire in the dark web.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks