General

  • Target

    127a426b223392107a3c61b6d03a4841d0bc551c835003f3352c9e94a4771fc5

  • Size

    1.8MB

  • Sample

    220603-tnypksfdfj

  • MD5

    0a1340bb124cd0d79fa19a09c821a049

  • SHA1

    45007e1bc83848f4eb4826ea4505bc70a20b4632

  • SHA256

    127a426b223392107a3c61b6d03a4841d0bc551c835003f3352c9e94a4771fc5

  • SHA512

    34ee74a86f0350724c1395b4f2aefcb6d99c3b8bda969dac3f8b8a5a79eb5c1120c490c9e59b0744a98c0ac9ebe855dd583d9ef5455ea0c86921ba0090b2c07d

Targets

    • Target

      127a426b223392107a3c61b6d03a4841d0bc551c835003f3352c9e94a4771fc5

    • Size

      1.8MB

    • MD5

      0a1340bb124cd0d79fa19a09c821a049

    • SHA1

      45007e1bc83848f4eb4826ea4505bc70a20b4632

    • SHA256

      127a426b223392107a3c61b6d03a4841d0bc551c835003f3352c9e94a4771fc5

    • SHA512

      34ee74a86f0350724c1395b4f2aefcb6d99c3b8bda969dac3f8b8a5a79eb5c1120c490c9e59b0744a98c0ac9ebe855dd583d9ef5455ea0c86921ba0090b2c07d

    • Arcane log file

      Detects a log file produced by the Arcane Stealer.

    • ArcaneStealer

      Arcane Stealer is a .NET information stealer that is readily available on dark-web marketplaces.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials and cookies.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • AutoIT Executable

      An AutoIt script compiled into a standalone PE executable; the interpreter is bundled, so the script runs without AutoIt installed.

    • Suspicious use of SetThreadContext
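
The two behavioural signatures above (browser profile access and wallet access) can be reproduced from a process's file-access trace. The script below is an added example, not part of the original report or of the sandbox's own rule set: it walks constructed "pid|operation|path" trace lines (made up for this example) and reports which signature each accessed path triggers. The path patterns are the well-known Chromium "User Data" stores, Firefox "Profiles" files and a few common wallet locations; the trace format and the sample paths are assumptions of the example.

```python
import re

# Constructed file-access trace in a sandbox-style "pid|operation|path" format.
# These lines are made up for the example and are not taken from the report above.
SAMPLE_TRACE = r"""
4120|CreateFile|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
4120|CreateFile|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
4120|CreateFile|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Local State
4120|CreateFile|C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3w4.default-release\logins.json
4120|CreateFile|C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco
4120|CreateFile|C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat
4120|CreateFile|C:\Windows\System32\kernel32.dll
4120|CreateFile|C:\Users\victim\Documents\notes.txt
""".strip().splitlines()

# Signature name -> path patterns that fire it. Names mirror the report's signatures;
# the patterns are this example's own, not the sandbox's rules.
SIGNATURES = {
    "Reads user/profile data of web browsers": [
        # Chromium family: credential/cookie stores and the key-protection file ("Local State")
        # live under "User Data", optionally inside a profile directory such as "Default".
        re.compile(r"\\User Data\\(?:[^\\]+\\)?(?:Login Data|Web Data|Cookies|Network\\Cookies|Local State)$", re.I),
        # Firefox: saved logins plus the key database required to decrypt them.
        re.compile(r"\\Profiles\\[^\\]+\\(?:logins\.json|key4\.db|cookies\.sqlite)$", re.I),
    ],
    "Accesses cryptocurrency files/wallets, possible credential harvesting": [
        re.compile(r"\\wallet\.dat$", re.I),               # Bitcoin Core and forks
        re.compile(r"\\Exodus\\exodus\.wallet\\", re.I),    # Exodus seed/wallet files
        re.compile(r"\\Electrum\\wallets\\", re.I),
        re.compile(r"\\Ethereum\\keystore\\", re.I),
    ],
}


def parse_trace(lines):
    """Yield (pid, operation, path) tuples, skipping malformed lines."""
    for line in lines:
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue
        yield parts[0], parts[1], parts[2]


def classify_trace(lines):
    """Return {signature_name: [matched paths]} for every signature that fired at least once."""
    hits = {}
    for _pid, _op, path in parse_trace(lines):
        for name, patterns in SIGNATURES.items():
            if any(p.search(path) for p in patterns):
                hits.setdefault(name, []).append(path)
    return hits


def fired_signatures(lines):
    """Sorted list of signature names triggered by the trace."""
    return sorted(classify_trace(lines))


if __name__ == "__main__":
    for name, paths in classify_trace(SAMPLE_TRACE).items():
        print(f"[{name}]")
        for p in paths:
            print(f"    {p}")
```

A browser-data hit on its own is weak evidence, since legitimate software (backup tools, browser extensions' helpers) also opens these files; the combination of browser credential stores and wallet files from the same process is what makes the infostealer verdict credible.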
