Fireball Archer Install

Aug 12, 2024 · attack.execution attack.defense-evasion attack.t1218.011 detection.emerging-threats ·

Detects Archer malware invocation via rundll32

Sigma rule (View on GitHub)

 1title: Fireball Archer Install
 2id: 3d4aebe0-6d29-45b2-a8a4-3dfde586a26d
 3status: test
 4description: Detects Archer malware invocation via rundll32
 5references:
 6    - https://www.virustotal.com/en/file/9b4971349ae85aa09c0a69852ed3e626c954954a3927b3d1b6646f139b930022/analysis/
 7    - https://www.hybrid-analysis.com/sample/9b4971349ae85aa09c0a69852ed3e626c954954a3927b3d1b6646f139b930022?environmentId=100
 8author: Florian Roth (Nextron Systems)
 9date: 2017-06-03
10modified: 2021-11-27
11tags:
12    - attack.execution
13    - attack.defense-evasion
14    - attack.t1218.011
15    - detection.emerging-threats
16logsource:
17    category: process_creation
18    product: windows
19detection:
20    selection:
21        CommandLine|contains|all:
22            - 'rundll32.exe'
23            - 'InstallArcherSvc'
24    condition: selection
25fields:
26    - CommandLine
27    - ParentCommandLine
28falsepositives:
29    - Unknown
30level: high

References

VirusTotal

VirusTotal

Read More
Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'archer.dll'

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. Hybrid Analysis develops and licenses analysis tools to fight malware.

Read More

Fireball Archer Install

Sigma rule (View on GitHub)

References

VirusTotal

Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'archer.dll'

Related rules