f08c7b5f00ebfe69dff75f9adfadab559c4c47997f653e651517cbaff370f021 | Triage

Resubmissions

19-04-2024 21:54

240419-1slzxage73 7

19-04-2024 20:07

240419-yv7chseb79 7

Sharing

General

Target

Arcius.exe
Size

18.5MB
Sample

240419-yv7chseb79
MD5

fce8c69067b0303ac195548a97f59592
SHA1

dc5a3e5ebe28c1628b910e416ab87f49fabbe151
SHA256

f08c7b5f00ebfe69dff75f9adfadab559c4c47997f653e651517cbaff370f021
SHA512

d383928173a2bd237aadec531eaf7ff1601fc64e932e74ef6b9109044989ef9c4e2a101b0fbdbd6b4ab28cb4b6fb5697977e40ef32efeca99cc8fd38145b4a4d
SSDEEP

393216:b5S5AWfqY4gP8AxYDX1+TtIiFYY9Z8D8Ccl6ln2FE5PKk9buK+x:VaAWfD4bX71QtIDa8DZcIl2FbkEK+

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Arcius.exe
- Size
  
  18.5MB
- MD5
  
  fce8c69067b0303ac195548a97f59592
- SHA1
  
  dc5a3e5ebe28c1628b910e416ab87f49fabbe151
- SHA256
  
  f08c7b5f00ebfe69dff75f9adfadab559c4c47997f653e651517cbaff370f021
- SHA512
  
  d383928173a2bd237aadec531eaf7ff1601fc64e932e74ef6b9109044989ef9c4e2a101b0fbdbd6b4ab28cb4b6fb5697977e40ef32efeca99cc8fd38145b4a4d
- SSDEEP
  
  393216:b5S5AWfqY4gP8AxYDX1+TtIiFYY9Z8D8Ccl6ln2FE5PKk9buK+x:VaAWfD4bX71QtIDa8DZcIl2FbkEK+
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1