General

  • Target

    5c110484ee13ac534194842218a6ed6cad814f481de4f060a96b1d742c9679cf

  • Size

    584KB

  • Sample

    220701-eeessaahcn

  • MD5

    3368953c50b4d307521c308ecd44f2b9

  • SHA1

    a2c065e999cc5f9061b596878047bd2ebe7e9219

  • SHA256

    5c110484ee13ac534194842218a6ed6cad814f481de4f060a96b1d742c9679cf

  • SHA512

    0141613de5dcb4adbb31534f6b1eb480e78bcd903db09b9a6191fa2c4d81509c25fc9a6bb3a159e40e7a059cb9b6ebd240682cdfe0f5957bfee17e4d375365f4

Targets

    • Arcane log file

      Detects a log file produced by the Arcane Stealer.

    • ArcaneStealer

      Arcane Stealer is .NET information-stealing malware that is easy to acquire on the dark web.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
