General

  • Target

    c43a34e78ba6913551af41857fb63a3545acd6a9248e8a4de884988b3ccf895d

  • Size

    167KB

  • Sample

    250801-j7ytksvyf1

  • MD5

    41d3660b5321768122f4c25ac9868fc3

  • SHA1

    d42e3c5fc24e309581819cba723b14c3c247d824

  • SHA256

    c43a34e78ba6913551af41857fb63a3545acd6a9248e8a4de884988b3ccf895d

  • SHA512

    e02797980f11075715499878f06cfcb71a12da81f8b62f7c30deb31b831137472c450b95f5ebe9349a4205041b6f65c6468d217c2fa36a91902f75c7d5aed549

  • SSDEEP

    3072:oBYHQAFbcjCdDK8l8wqxrytfAndlzFvxHebZ5h2jgSw6KXwApEnB:oBYHjajw5lB2LzdxHeblqk6K

Malware Config

Targets

    • Arcane family

    • ArcaneStealer

      Arcane Stealer is a .NET information-stealing malware that is easy to acquire on the dark web.

    • Detects ArcaneStealer in memory.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16

Tasks