Behavioral task
behavioral1
Sample
Arsenic/Arsenic.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral2
Sample
Arsenic/extatent.dll
Resource
win10v2004-20230915-en
General
-
Target
Arsenic.zip
-
Size
12.6MB
-
MD5
aa2bda3d8bdb37fc8d21f539b02dfc3c
-
SHA1
666fd4629fe882e7ff84a51c716d33d67a40be41
-
SHA256
849d0e455547806c15afdfcb786a75e449191e15026ed2256609855057a304d6
-
SHA512
06e6100db4565318b1c9532ada715f6ba1f59ad04f2dd2beb97709c269e30d29d48f4453b17f7c0f1746f63947860a6cd184f655f418afb2ce6f7b2711336ee1
-
SSDEEP
196608:HKzwyCGyOlHuQYoYpB/jrJAIIAXowyE2dOYIesY+3CVU1fwADwk0YUj8Da9l:q8y9yOFYoYpp6akIYnsYIZyUY78Da9l
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule static1/unpack001/Arsenic/extatent.dll agile_net -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/Arsenic/Arsenic.exe unpack001/Arsenic/extatent.dll
Files
-
Arsenic.zip.zip
-
Arsenic/Arsenic.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12.7MB - Virtual size: 12.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 110KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Arsenic/extatent.dll.dll windows:4 windows x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ