General

Target: ArcadiaExecutorV2.16.zip
Size: 24.3MB
Sample: 250208-g3lbkszpat
MD5: 8847dcc1b069b580fc0fdee388369207
SHA1: 18406d7dabf3ab2a799d05afe5b984d75d22e920
SHA256: 989cf739672494aea2a6a64f8639f23c8ca7708cf6f7efae29baa545cf4375b0
SHA512: 2258364b3b2752c2c1400c5f30b31de223d10b5edb8c50fee523bba5906cb6cd56900dffe533df724285f52ef861e656d9451e6745578f9fb0db198af11c38cc
SSDEEP: 786432:zr51UrODy9A2tELumTzdA3I2nkJJXXH37rNiBh/S:X51UuktES8zdcn4JHX7rNiX/S
Behavioral tasks

behavioral1  Sample: ArcadiaExecutorV2.16.zip  Resource: win10v2004-20250207-en
behavioral2  Sample: ArcadiaExecutorV2.16.zip  Resource: win10ltsc2021-20250207-en
behavioral3  Sample: ArcadiaFolder/ArcadiaUI.exe  Resource: win10v2004-20250207-en
behavioral4  Sample: ArcadiaFolder/ArcadiaUI.exe  Resource: win10ltsc2021-20250207-en
Malware Config

Targets

Target: ArcadiaExecutorV2.16.zip
Size: 24.3MB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General above
Signatures:
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine (an Installed Components\{GUID} key with a StubPath under HKLM\SOFTWARE\Microsoft\Active Setup; the stub runs at each user's next interactive logon if the per-user copy under HKCU is missing or older).
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects, typically a per-user CLSID server under HKCU\Software\Classes that shadows the machine-wide registration and is loaded whenever any process instantiates that object.
- Executes dropped EXE
- Checks installed software on the system. Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
- Drops file in System32 directory
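Both persistence signatures above (Active Setup and COM hijacking) leave registry state that can be confirmed on the detonation VM after the run. The following PowerShell is an added triage helper, not part of the sandbox report and not code from the sample; it assumes an elevated session on the Windows 10 guest and makes no claim about which specific keys this sample wrote. It lists Active Setup stubs that would run at the next logon and per-user CLSID servers that shadow a machine-wide registration, and it runs both checks from one script so the same snapshot can be compared against a clean baseline.

```powershell
# Added triage helper (not from the report or the sample). Run elevated on the
# detonation host after the sample has executed; diff the output against a
# clean snapshot of the same image. Any GUID/CLSID it prints comes from the
# host, none are hard-coded here.

function Get-ActiveSetupCandidates {
    # Active Setup: at interactive logon, each HKLM ...\Installed Components\{GUID}
    # is compared with the per-user copy under HKCU. If the HKCU key is absent or
    # its Version is lower, StubPath is executed in the user's context and the
    # HKCU key is written. Version strings are "a,b,c,d"; flagging any mismatch
    # (rather than a strict "HKLM is higher" compare) is a conservative simplification.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if (-not $p.StubPath) { return }   # nothing to run, skip
            $userKey = "HKCU:\Software\Microsoft\Active Setup\Installed Components\$($_.PSChildName)"
            $userVer = (Get-ItemProperty $userKey -ErrorAction SilentlyContinue).Version
            [pscustomobject]@{
                Guid           = $_.PSChildName
                StubPath       = $p.StubPath
                Version        = $p.Version
                IsInstalled    = $p.IsInstalled
                UserVersion    = $userVer
                # IsInstalled = 0 disables the entry; missing IsInstalled means enabled
                WillRunAtLogon = ($p.IsInstalled -ne 0) -and ($null -eq $userVer -or $userVer -ne $p.Version)
                # Stubs outside the Windows directory, or that launch a script/LOLBin host, deserve a look
                Suspicious     = ($p.StubPath -notmatch '^"?%SystemRoot%|^"?C:\\Windows') -or
                                 ($p.StubPath -match 'powershell|cmd\.exe|wscript|cscript|mshta|rundll32|regsvr32')
            }
        }
    }
}

function Get-ComHijackCandidates {
    # COM hijacking: the merged HKCR view consults HKCU\Software\Classes before
    # HKLM\SOFTWARE\Classes, so a per-user InprocServer32/LocalServer32 for a CLSID
    # that is also registered machine-wide redirects every caller of that object
    # to a user-writable path, without touching the protected HKLM key.
    $userClsid = 'HKCU:\Software\Classes\CLSID'
    if (-not (Test-Path $userClsid)) { return }
    Get-ChildItem $userClsid | ForEach-Object {
        $clsid = $_.PSChildName
        foreach ($server in 'InprocServer32', 'LocalServer32') {
            $userPath = (Get-ItemProperty "$($_.PSPath)\$server" -ErrorAction SilentlyContinue).'(default)'
            if (-not $userPath) { continue }
            $machinePath = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\$server" -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{
                Clsid             = $clsid
                Server            = $server
                UserPath          = $userPath
                MachinePath       = $machinePath
                # A user-hive server that overrides an existing machine-wide one is the classic hijack shape
                ShadowsMachineKey = [bool]$machinePath -and ($machinePath -ne $userPath)
            }
        }
    }
}

Get-ActiveSetupCandidates | Where-Object { $_.WillRunAtLogon -or $_.Suspicious } | Format-Table -AutoSize
Get-ComHijackCandidates | Format-Table -AutoSize
```

Entries that also appear on the clean baseline (vendor Active Setup stubs, per-user COM registrations written by legitimate installers) can be discarded; what is left, correlated with the sandbox's registry-write events for this run, is the set to pull StubPath and server binaries from for hashing and further analysis.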
Target: ArcadiaFolder/ArcadiaUI.exe
Size: 51.2MB
MD5: 5b9ba4ee7343aaaa7cd1d07c65b36c67
SHA1: 4563992458d1addf52aaf1b80f143834b4d3f4c6
SHA256: f443cd3d5e00ca7db2000c383d0361a39f63c106965f7a4fe6498ba69b9de25a
SHA512: 43a8fec1d78600d5e4da4745ccda5bd551a75b610c2eb08209c96a6c99a80c0a877807fabdda09c6b17379011cff946487028e3f2613f5d42819ac8e87f2112e
SSDEEP: 393216:3t4stWJi9Ui9MA8VFJs+SBZ0RJ2DJ/MxDA6RBgPOdF3aYAubKnvJoKlQnAliXUxg:3trtWJi9Ui9MA8VFoBZ0RMUNtKxwi99Q
Score: 8/10

Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Obfuscated Files or Information: Command Obfuscation. Adversaries may obfuscate content during command execution to impede detection.
MITRE ATT&CK Enterprise v15 (number in brackets is the report's hit count for that tactic entry)

Persistence
  Boot or Logon Autostart Execution [1]
    Active Setup [1]
  Browser Extensions [1]
  Event Triggered Execution [1]
    Component Object Model Hijacking [1]
Privilege Escalation
  Boot or Logon Autostart Execution [1]
    Active Setup [1]
  Event Triggered Execution [1]
    Component Object Model Hijacking [1]
Defense Evasion
  Hide Artifacts [1]
    Hidden Files and Directories [1]
  Modify Registry [4]
  Obfuscated Files or Information [1]
    Command Obfuscation [1]