General

Target: Arceus X.rar
Size: 24.9MB
Sample: 240407-vxbrvahf81
MD5: c1b2d19cba613d5805d610c10a2eb6f5
SHA1: 577f892df1577383c9261a5311a73c5d023fb9de
SHA256: f8ba857886aaceb0c395ad3984e94afa5e0df0a1b87955f0ee0820bde398175a
SHA512: b8cecaebdfe5e47645c821479850a5d45d24a19f5c821c5c84e9e6f4411fa6aea26139579fab6c64d276a6cceeeac9bf1d4a5759846b97f54cf6446c65dd634f
SSDEEP: 393216:6TiKan/c+j85gMA9OE062JRSOt1YpvVI2N70Mr0kzXYumIAencqiFlD6nwYFkvr:6WzY2EE0xScSVI2mMrdtVnzgeTar
Behavioral tasks

- behavioral1: Arceus X/ArceusX.exe (resource: win11-20240221-en)
- behavioral2: primestealer.pyc (resource: win11-20240221-en)
- behavioral3: Arceus X/LICENSE (resource: win11-20240221-en)
- behavioral4: Arceus X/auto_load.txt (resource: win11-20240221-en)
- behavioral5: Arceus X/configs/arsenal.cfg (resource: win11-20240221-en)
- behavioral6: Arceus X/configs/autosave.cfg (resource: win11-20240221-en)
- behavioral7: Arceus X/configs/counterblox.cfg (resource: win11-20240214-en)
- behavioral8: Arceus X/configs/dahood.cfg (resource: win11-20240221-en)
- behavioral9: Arceus X/configs/jailbird.cfg (resource: win11-20240221-en)
- behavioral10: Arceus X/configs/universal.cfg (resource: win11-20240221-en)
- behavioral11: Arceus X/configs/weaponry.cfg (resource: win11-20240221-en)
Malware Config

Targets

Target: Arceus X/ArceusX.exe
Size: 25.3MB
MD5: c5d0a40d125547e67dd1f1eb0e71db76
SHA1: 384e870e81a7e9f6774606a26b135663071f685f
SHA256: 8e439360fecb5b9247ce63803bae292a84d0d05f375468ad328a8b84032c2d04
SHA512: f5a890341c61a2736f3afc21f9181e64e4ac41283446809dd26aa3e533da7742114e02906c57438c9bd1ee6b0cf1971769d3e74620af90629613bc2fd198aeed
SSDEEP: 786432:C3pQ0bdoKEAp1QtIPS3ILJ6eHCi6r4VCaa:4Qoo/AHiIPSGlCiO3
Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: primestealer.pyc
Size: 59KB
MD5: 4b848e818d83be9ca6025d4e065e3a98
SHA1: 4857ec06f59b1fbb0974405359bd5977b4d9f8f6
SHA256: ba366e3aeecc7346d0665070da53990910ac5fcb0bfd578c3b7839dde959ae59
SHA512: eb92a6529924e7c0738c86208e613358f619ce88fe9e3a6035ff0ce282416f58ea8ee7ffdf0d23878325454d48ca24042113c005f711d593c171ef7eba46f99e
SSDEEP: 768:rHw766wgqVzEoeayWLe32n6v0i0Co0b+bkvRFKJmZJWuHQtQmG4dttxfqdoB3NQ:0761L/dCo06wp5ZJWC+QmG4nq4K
Score: 3/10

Target: Arceus X/LICENSE
Size: 1KB
MD5: 62d7016a14782aa5b04deda87d33734b
SHA1: 0785d9a8a7133ba40bb6a88df79c1edfa0cff751
SHA256: d5343dbd689b40650cf92af54d4930c203281a947132dd1b42b41562daf6c04b
SHA512: b8ef57435e35c7ad6321ab64fb8f8bc8d72f04eaa2d4f1ddfe4c5f57de940d3e27c03d0992b284383e4293a6b531fceb736435cfc15ec9f4751ba0d33d5d8ca3
Score: 1/10

Target: Arceus X/auto_load.txt
Size: 12B
MD5: d40890f1324388d8295afca5d41b407f
SHA1: 08684923c0e4bb6f2a44983ff6fa5bf7b517d13b
SHA256: 022a7c959ab7753af62091e2849806b0e5e879075188baf9d5ac918cd51535fa
SHA512: b4e0d273bb8375ea7a8f291456d76637bddb5bd36e1ba47408ddc55fa6115d24a67399592a102adc140b7f638731e5b0f9f6e7e20a7c1cdd1783ec56f2904446
Score: 3/10

Target: Arceus X/configs/arsenal.cfg
Size: 972B
MD5: 27b81d9d18eb32c2fd491c3076ec0aea
SHA1: 402b5f985eeb30eef90bc9f4f6cb62c627a62cf6
SHA256: 0869c5b04f31ade390ab2746c32766ecdca8e43c15d066cf0102ed1e7cbf5dbd
SHA512: ab8caf2fde6161b550e6cdcee5c82fb7b4045462facaa48ce338e359ac0f13b85927d6d2353e32a16a8d31671c7e8f990fc2954e3f3a0827bfb13560f790675d
Score: 3/10

Target: Arceus X/configs/autosave.cfg
Size: 996B
MD5: 9489291979d19765ca4ba990df16b917
SHA1: dde51d149d847557cfb783500f3d630bf18cb7ca
SHA256: 6a25e77b4c712d7ab36c5f3e50f5e65a313d699942081bc89079200824166e16
SHA512: be5c4cf4d60ad05de15458cb3fae24466640d97d47bd13be50e871b9e0e48135a63e938142370af30714b34e3ae37a03b9d8ef42162329b590b5e07d7e23191a
Score: 3/10

Target: Arceus X/configs/counterblox.cfg
Size: 978B
MD5: bc7b801b843fb2f5fd19af34b4b88d6a
SHA1: 6492afe7620d1b48550fc8bec64882e01e38c438
SHA256: 5d2381911347f5e870966330371ee127775e18673fb6e4c42eda237007654707
SHA512: 875137975d9a9080cfa00322d0a1a8dfc095c8c7e805a3bd34987eed44ff430fadfa6ca865071acf037e89a849f02599dca6a445a9b395b13c03c77f54bf30e2
Score: 3/10

Target: Arceus X/configs/dahood.cfg
Size: 996B
MD5: 9489291979d19765ca4ba990df16b917
SHA1: dde51d149d847557cfb783500f3d630bf18cb7ca
SHA256: 6a25e77b4c712d7ab36c5f3e50f5e65a313d699942081bc89079200824166e16
SHA512: be5c4cf4d60ad05de15458cb3fae24466640d97d47bd13be50e871b9e0e48135a63e938142370af30714b34e3ae37a03b9d8ef42162329b590b5e07d7e23191a
Score: 3/10

Target: Arceus X/configs/jailbird.cfg
Size: 995B
MD5: 2ea9fe525de145a918ac1b461f536145
SHA1: 656881eac2aea4b4f4e045afcab7d7338eb7e72b
SHA256: 7cd075c3b2abdfe1dc36769d06eb3b734e1f4dc19122402e54d1b4b2e62b7c00
SHA512: 506d5bc75e9cb14028109dd0366b5ba5585afdecac03620dbb401b967d0bbec5721b63d1f4e209b89b7001654bce25e359f93d67fd430a225ebec4e3ceaeffa3
Score: 3/10

Target: Arceus X/configs/universal.cfg
Size: 971B
MD5: 3386ac6b55f3addf304f6e1cce51e7ca
SHA1: a7b4690e696a4d3721f6593a69cc1803ab5cd55a
SHA256: c90eef14c30d70d78bcf5a6fb1ede83befa1a7a6259f72d2134a63fdd65550c6
SHA512: 794a276919ccb64733ca4a2568cb8befcea6e14f1e6e4af3100b668c87e45080860a3caa9000a28f9950a8d25d22ef67e79b26b642824e0f2192d7e6ab5cada9
Score: 3/10

Target: Arceus X/configs/weaponry.cfg
Size: 970B
MD5: 579fb59d2c6b985dfd4566b8a7fe3326
SHA1: 6252532e06b999d05d457bd914f6a1044fcbed8f
SHA256: 1390e251b4fc804f56e440cdf8245e32e9146183cc0712d4cb7fdc0e81c5c045
SHA512: a10844f9dd62627951ea9fc56fe6920e3689b01116c1405c6a5ddf331d7bc25016b1cb62179c40c00b00aa19fecf5562351a1f2ecd4b8f5ad851eb4d7fbab31e
Score: 3/10