General

  • Target: Arcane_External.exe

  • Size: 81.1MB

  • Sample: 240802-t1a42swcrf

  • MD5: f8afb85b7a946d2ceb09672cb8323471

  • SHA1: d60ffe788c600170977fafe54bea8700d6c056cc

  • SHA256: 85133b4dc5edc85709fdfb98f01c87a41798212ad552212e3f5583483489436f

  • SHA512: 6167ed1add0c12cb2796ae5539db7a65aa0210706ea1353e0ce2d9fa901a78ff72791ac2bb247ec74ef4b43f0b523b473342abd77ced5099ffcd18e5aec69275

  • SSDEEP: 1572864:XvxZQgl0v7vaSk8IpG7V+VPhqcPE7hlgkiYgj+h58sMwVWp9lSFcJz7:XvxZxKeSkB05awcSeu5BG9l17

Targets

    • Target: Arcane_External.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15