General

  • Target

    ad02ac3e209a266673c81d9abd0558567df26485442dcb7e682ee76d93db19e4

  • Size

    624KB

  • Sample

    220725-d2nhrschc5

  • MD5

    eeaec39e8b20d14c523d6589dd6ea1f3

  • SHA1

    a41120efe6872189fb4fc5a510938125e375d7e4

  • SHA256

    ad02ac3e209a266673c81d9abd0558567df26485442dcb7e682ee76d93db19e4

  • SHA512

    7b40adb651acaa7ae27ddfd7435cf6cb06916adec0a1b9f09212b9c730271af1811e203f5e7d626a976b80a48a03cd792558f2538f733841f2adaaeb63377abe

Malware Config

Targets

    • Arcane log file

      Detects a log file produced by the Arcane Stealer.

    • ArcaneStealer

      Arcane Stealer is a .NET information-stealing malware that is easy to acquire on the dark web.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v6

Tasks