General

  • Target

    Arceus.rar

  • Size

    34.2MB

  • Sample

    240606-svh22agh65

  • MD5

    5e8e1cce01d03095b9ae62ed15a1b5da

  • SHA1

    fc827ce66ca2ff3537a354b7b3573d45765c0f37

  • SHA256

    0e05a9da73233d2173300ea096860d4e0320e71ad28bb3450fafa1ee82eefa2d

  • SHA512

    f8910b48d23bde90dcff4580cd6de0fd192d788a30d65cef51b5eb66a986c722d451749d172e6916ffaf0769b0ffe3f3a0598f3b76233d66f14c4ed2df0c5dcd

  • SSDEEP

    786432:smHH0KtZhYw9Qd0ZpsJl0NDd4fY7en2LDSaiRzzLC:3n04ZhYw9uypO01d4fY7uSO1C

Malware Config

Targets

    • Target

      ArceusX.exe

    • Size

      34.4MB

    • MD5

      2fa2acfe4defe9fac64f7b9551634ce3

    • SHA1

      31812fcf73ff32750f924bb29d560be38b3ed1e9

    • SHA256

      938d4fa2f28b044727b8ae211295c6de1c2b3ef10b0f4a8a2a35e2014b0ff3d3

    • SHA512

      6125caa5b5955429426c25a0298d159ce9237da3d42f64e421aa7e587f5031d495e0d4d958967bb5024bd62a5b822b538b8e654834947a9a47f4bbb56fe37194

    • SSDEEP

      786432:vRQBrMQP00pusvRWJ67Q/UBB0yjmU8Ttd:vROrLLvRk/ryWZ

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      main.pyc

    • Size

      437B

    • MD5

      e3a83cc96bc468e8ed5e99b61ab1b08c

    • SHA1

      fc094fba9141e8ace98cce0309e1472b2471b631

    • SHA256

      893f6af6a7c380817dd8a1e5f63e72225b82c9775dc8ca40a449ed86c0427932

    • SHA512

      6d629486b39cef47bd2ce9b79ff792eebee83e4bdcbb30a756aabcbce75473a732ce2f3e89f0d200a4f9dc98765ce07538a9737cd428b2b372a6d36f4e78630d

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks