General

Target: Arceus.rar
Size: 34.2MB
Sample: 240606-svh22agh65
MD5: 5e8e1cce01d03095b9ae62ed15a1b5da
SHA1: fc827ce66ca2ff3537a354b7b3573d45765c0f37
SHA256: 0e05a9da73233d2173300ea096860d4e0320e71ad28bb3450fafa1ee82eefa2d
SHA512: f8910b48d23bde90dcff4580cd6de0fd192d788a30d65cef51b5eb66a986c722d451749d172e6916ffaf0769b0ffe3f3a0598f3b76233d66f14c4ed2df0c5dcd
SSDEEP: 786432:smHH0KtZhYw9Qd0ZpsJl0NDd4fY7en2LDSaiRzzLC:3n04ZhYw9uypO01d4fY7uSO1C
Behavioral task: behavioral1
Sample: ArceusX.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral2
Sample: main.pyc
Resource: win10v2004-20240426-en
Malware Config

Targets
Target: ArceusX.exe
Size: 34.4MB
MD5: 2fa2acfe4defe9fac64f7b9551634ce3
SHA1: 31812fcf73ff32750f924bb29d560be38b3ed1e9
SHA256: 938d4fa2f28b044727b8ae211295c6de1c2b3ef10b0f4a8a2a35e2014b0ff3d3
SHA512: 6125caa5b5955429426c25a0298d159ce9237da3d42f64e421aa7e587f5031d495e0d4d958967bb5024bd62a5b822b538b8e654834947a9a47f4bbb56fe37194
SSDEEP: 786432:vRQBrMQP00pusvRWJ67Q/UBB0yjmU8Ttd:vROrLLvRk/ryWZ
Score: 8/10

Signatures:
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: main.pyc
Size: 437B
MD5: e3a83cc96bc468e8ed5e99b61ab1b08c
SHA1: fc094fba9141e8ace98cce0309e1472b2471b631
SHA256: 893f6af6a7c380817dd8a1e5f63e72225b82c9775dc8ca40a449ed86c0427932
SHA512: 6d629486b39cef47bd2ce9b79ff792eebee83e4bdcbb30a756aabcbce75473a732ce2f3e89f0d200a4f9dc98765ce07538a9737cd428b2b372a6d36f4e78630d

Score: 3/10
MITRE ATT&CK Enterprise v15

Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
  System Services (1)
    Service Execution (1)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)