General

  • Target: Arceus X.rar
  • Size: 24.9MB
  • Sample: 240407-vxbrvahf81
  • MD5: c1b2d19cba613d5805d610c10a2eb6f5
  • SHA1: 577f892df1577383c9261a5311a73c5d023fb9de
  • SHA256: f8ba857886aaceb0c395ad3984e94afa5e0df0a1b87955f0ee0820bde398175a
  • SHA512: b8cecaebdfe5e47645c821479850a5d45d24a19f5c821c5c84e9e6f4411fa6aea26139579fab6c64d276a6cceeeac9bf1d4a5759846b97f54cf6446c65dd634f
  • SSDEEP: 393216:6TiKan/c+j85gMA9OE062JRSOt1YpvVI2N70Mr0kzXYumIAencqiFlD6nwYFkvr:6WzY2EE0xScSVI2mMrdtVnzgeTar

Targets

    • Target: Arceus X/ArceusX.exe
    • Size: 25.3MB
    • MD5: c5d0a40d125547e67dd1f1eb0e71db76
    • SHA1: 384e870e81a7e9f6774606a26b135663071f685f
    • SHA256: 8e439360fecb5b9247ce63803bae292a84d0d05f375468ad328a8b84032c2d04
    • SHA512: f5a890341c61a2736f3afc21f9181e64e4ac41283446809dd26aa3e533da7742114e02906c57438c9bd1ee6b0cf1971769d3e74620af90629613bc2fd198aeed
    • SSDEEP: 786432:C3pQ0bdoKEAp1QtIPS3ILJ6eHCi6r4VCaa:4Qoo/AHiIPSGlCiO3
    • Score: 7/10

    Signatures:

    • Drops startup file
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: primestealer.pyc
    • Size: 59KB
    • MD5: 4b848e818d83be9ca6025d4e065e3a98
    • SHA1: 4857ec06f59b1fbb0974405359bd5977b4d9f8f6
    • SHA256: ba366e3aeecc7346d0665070da53990910ac5fcb0bfd578c3b7839dde959ae59
    • SHA512: eb92a6529924e7c0738c86208e613358f619ce88fe9e3a6035ff0ce282416f58ea8ee7ffdf0d23878325454d48ca24042113c005f711d593c171ef7eba46f99e
    • SSDEEP: 768:rHw766wgqVzEoeayWLe32n6v0i0Co0b+bkvRFKJmZJWuHQtQmG4dttxfqdoB3NQ:0761L/dCo06wp5ZJWC+QmG4nq4K
    • Score: 3/10
    • Target: Arceus X/LICENSE
    • Size: 1KB
    • MD5: 62d7016a14782aa5b04deda87d33734b
    • SHA1: 0785d9a8a7133ba40bb6a88df79c1edfa0cff751
    • SHA256: d5343dbd689b40650cf92af54d4930c203281a947132dd1b42b41562daf6c04b
    • SHA512: b8ef57435e35c7ad6321ab64fb8f8bc8d72f04eaa2d4f1ddfe4c5f57de940d3e27c03d0992b284383e4293a6b531fceb736435cfc15ec9f4751ba0d33d5d8ca3
    • Score: 1/10
    • Target: Arceus X/auto_load.txt
    • Size: 12B
    • MD5: d40890f1324388d8295afca5d41b407f
    • SHA1: 08684923c0e4bb6f2a44983ff6fa5bf7b517d13b
    • SHA256: 022a7c959ab7753af62091e2849806b0e5e879075188baf9d5ac918cd51535fa
    • SHA512: b4e0d273bb8375ea7a8f291456d76637bddb5bd36e1ba47408ddc55fa6115d24a67399592a102adc140b7f638731e5b0f9f6e7e20a7c1cdd1783ec56f2904446
    • Score: 3/10
    • Target: Arceus X/configs/arsenal.cfg
    • Size: 972B
    • MD5: 27b81d9d18eb32c2fd491c3076ec0aea
    • SHA1: 402b5f985eeb30eef90bc9f4f6cb62c627a62cf6
    • SHA256: 0869c5b04f31ade390ab2746c32766ecdca8e43c15d066cf0102ed1e7cbf5dbd
    • SHA512: ab8caf2fde6161b550e6cdcee5c82fb7b4045462facaa48ce338e359ac0f13b85927d6d2353e32a16a8d31671c7e8f990fc2954e3f3a0827bfb13560f790675d
    • Score: 3/10
    • Target: Arceus X/configs/autosave.cfg
    • Size: 996B
    • MD5: 9489291979d19765ca4ba990df16b917
    • SHA1: dde51d149d847557cfb783500f3d630bf18cb7ca
    • SHA256: 6a25e77b4c712d7ab36c5f3e50f5e65a313d699942081bc89079200824166e16
    • SHA512: be5c4cf4d60ad05de15458cb3fae24466640d97d47bd13be50e871b9e0e48135a63e938142370af30714b34e3ae37a03b9d8ef42162329b590b5e07d7e23191a
    • Score: 3/10
    • Target: Arceus X/configs/counterblox.cfg
    • Size: 978B
    • MD5: bc7b801b843fb2f5fd19af34b4b88d6a
    • SHA1: 6492afe7620d1b48550fc8bec64882e01e38c438
    • SHA256: 5d2381911347f5e870966330371ee127775e18673fb6e4c42eda237007654707
    • SHA512: 875137975d9a9080cfa00322d0a1a8dfc095c8c7e805a3bd34987eed44ff430fadfa6ca865071acf037e89a849f02599dca6a445a9b395b13c03c77f54bf30e2
    • Score: 3/10
    • Target: Arceus X/configs/dahood.cfg
    • Size: 996B
    • MD5: 9489291979d19765ca4ba990df16b917
    • SHA1: dde51d149d847557cfb783500f3d630bf18cb7ca
    • SHA256: 6a25e77b4c712d7ab36c5f3e50f5e65a313d699942081bc89079200824166e16
    • SHA512: be5c4cf4d60ad05de15458cb3fae24466640d97d47bd13be50e871b9e0e48135a63e938142370af30714b34e3ae37a03b9d8ef42162329b590b5e07d7e23191a
    • Score: 3/10
    • Target: Arceus X/configs/jailbird.cfg
    • Size: 995B
    • MD5: 2ea9fe525de145a918ac1b461f536145
    • SHA1: 656881eac2aea4b4f4e045afcab7d7338eb7e72b
    • SHA256: 7cd075c3b2abdfe1dc36769d06eb3b734e1f4dc19122402e54d1b4b2e62b7c00
    • SHA512: 506d5bc75e9cb14028109dd0366b5ba5585afdecac03620dbb401b967d0bbec5721b63d1f4e209b89b7001654bce25e359f93d67fd430a225ebec4e3ceaeffa3
    • Score: 3/10
    • Target: Arceus X/configs/universal.cfg
    • Size: 971B
    • MD5: 3386ac6b55f3addf304f6e1cce51e7ca
    • SHA1: a7b4690e696a4d3721f6593a69cc1803ab5cd55a
    • SHA256: c90eef14c30d70d78bcf5a6fb1ede83befa1a7a6259f72d2134a63fdd65550c6
    • SHA512: 794a276919ccb64733ca4a2568cb8befcea6e14f1e6e4af3100b668c87e45080860a3caa9000a28f9950a8d25d22ef67e79b26b642824e0f2192d7e6ab5cada9
    • Score: 3/10
    • Target: Arceus X/configs/weaponry.cfg
    • Size: 970B
    • MD5: 579fb59d2c6b985dfd4566b8a7fe3326
    • SHA1: 6252532e06b999d05d457bd914f6a1044fcbed8f
    • SHA256: 1390e251b4fc804f56e440cdf8245e32e9146183cc0712d4cb7fdc0e81c5c045
    • SHA512: a10844f9dd62627951ea9fc56fe6920e3689b01116c1405c6a5ddf331d7bc25016b1cb62179c40c00b00aa19fecf5562351a1f2ecd4b8f5ad851eb4d7fbab31e
    • Score: 3/10
