General

  • Target

    cb8872338f99b859a24c9f5453efcc18e6967c3fc931fdc4d5d567198419cfb5

  • Size

    481KB

  • Sample

    220521-ab93ascghr

  • MD5

    1fe7534fdde6a4f08e79b25e0051a3b8

  • SHA1

    927938291ec2aa6f27e87adb66d6a16ba8e84abc

  • SHA256

    cb8872338f99b859a24c9f5453efcc18e6967c3fc931fdc4d5d567198419cfb5

  • SHA512

    15dda8a3a9e0e19992a8a5cda6bfab7af4a5bbba8b4daf470ea12b201f393c730836f7dcef117dc89869717521bd6d8b4233fa880b457ef091a149e4def6b3f3
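To confirm that a file on hand really is the sample this report describes, the following script (added here; it is not part of the report or of the sandbox's own tooling) computes all four digests listed above in a single pass and compares them with the report's values. The expected-IOC dictionary is copied from this page, the empty demonstration file is constructed, and the final verdict rests on SHA-256/SHA-512 only, since MD5 and SHA-1 are collision-prone and should not be the sole basis for a match. The size check is advisory: "481KB" is rounded and the unit (KB vs KiB) is ambiguous, so a small tolerance is applied.

```python
import hashlib
import io
import os
import tempfile

# Indicators copied from the report above (the sample file itself is not included here).
REPORT_IOCS = {
    "size": 481 * 1024,  # "481KB" is rounded and unit-ambiguous; compared with tolerance below
    "md5": "1fe7534fdde6a4f08e79b25e0051a3b8",
    "sha1": "927938291ec2aa6f27e87adb66d6a16ba8e84abc",
    "sha256": "cb8872338f99b859a24c9f5453efcc18e6967c3fc931fdc4d5d567198419cfb5",
    "sha512": (
        "15dda8a3a9e0e19992a8a5cda6bfab7af4a5bbba8b4daf470ea12b201f393c73"
        "0836f7dcef117dc89869717521bd6d8b4233fa880b457ef091a149e4def6b3f3"
    ),
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(fh, chunk_size=1 << 20):
    """Feed a binary stream through all four hashers in one pass (works for large files)."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    size = 0
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def match_iocs(observed, expected):
    """Compare observed digests with expected ones (case-insensitive hex).
    Returns {algorithm: bool} for every indicator present in `expected`.
    Size is matched within 3% because reports round it and 'KB' may mean 1000 or 1024."""
    verdict = {}
    for name in DIGESTS:
        if name in expected:
            verdict[name] = observed[name].lower() == expected[name].strip().lower()
    if "size" in expected:
        verdict["size"] = abs(observed["size"] - expected["size"]) <= 0.03 * expected["size"]
    return verdict


def is_known_sample(verdict):
    """Decide on the strong hashes only. A matching MD5 or SHA-1 alone is not proof of
    identity (both have practical collision attacks); a mismatch there is still informative."""
    strong = [verdict[n] for n in ("sha256", "sha512") if n in verdict]
    return bool(strong) and all(strong)


def check_file(path, expected=REPORT_IOCS):
    observed = hash_file(path)
    verdict = match_iocs(observed, expected)
    return observed, verdict, is_known_sample(verdict)


if __name__ == "__main__":
    # Constructed demonstration input: an empty temp file, which is obviously not the sample.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        demo_path = tmp.name
    try:
        observed, verdict, known = check_file(demo_path)
        print("sha256  :", observed["sha256"])
        print("verdict :", verdict)
        print("known sample:", known)
    finally:
        os.unlink(demo_path)
```

Run it as `python verify_sample.py` after pointing `check_file` at the file under test; a real workflow would load `REPORT_IOCS` from the report rather than hard-coding it, but the comparison and the "strong hashes decide" rule stay the same.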

Malware Config

Targets

    • Target

      cb8872338f99b859a24c9f5453efcc18e6967c3fc931fdc4d5d567198419cfb5

    • Size

      481KB

    • MD5

      1fe7534fdde6a4f08e79b25e0051a3b8

    • SHA1

      927938291ec2aa6f27e87adb66d6a16ba8e84abc

    • SHA256

      cb8872338f99b859a24c9f5453efcc18e6967c3fc931fdc4d5d567198419cfb5

    • SHA512

      15dda8a3a9e0e19992a8a5cda6bfab7af4a5bbba8b4daf470ea12b201f393c730836f7dcef117dc89869717521bd6d8b4233fa880b457ef091a149e4def6b3f3

    • Arcane log file

      Detects a log file produced by the Arcane Stealer.

    • ArcaneStealer

      Arcane Stealer is a .NET information-stealing malware that is easy to acquire on the dark web.

    • suricata: ET MALWARE Sorano Stealer CnC Checkin

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks