General
Target: Arcane_External.exe
Size: 81.1 MB
Sample: 240802-t1a42swcrf
MD5: f8afb85b7a946d2ceb09672cb8323471
SHA1: d60ffe788c600170977fafe54bea8700d6c056cc
SHA256: 85133b4dc5edc85709fdfb98f01c87a41798212ad552212e3f5583483489436f
SHA512: 6167ed1add0c12cb2796ae5539db7a65aa0210706ea1353e0ce2d9fa901a78ff72791ac2bb247ec74ef4b43f0b523b473342abd77ced5099ffcd18e5aec69275
SSDEEP: 1572864:XvxZQgl0v7vaSk8IpG7V+VPhqcPE7hlgkiYgj+h58sMwVWp9lSFcJz7:XvxZxKeSkB05awcSeu5BG9l17
Behavioral task: behavioral1
Sample: Arcane_External.exe
Resource: win11-20240802-en
Malware Config
Targets
Target: Arcane_External.exe
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2