Overview

overview

8

Static

static

DvnH2.exe

windows7_x64

8

DvnH2.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DvnH2.exe

  • Size

    847KB

  • Sample

    200708-pb4s7ssx9s

  • MD5

    bc23e4cf90c63d9a84eb905e6ec82f82

  • SHA1

    b82df977fcc19b730ac2cdacec7d3b93617c57ed

  • SHA256

    0396da4728728701d82bea35844941b36b6ff001bd4a46b3e3f45d5143205b16

  • SHA512

    01007caceb1e777b55d3118f7cb21117f2ca17b4caf211108b90de705c490c472df859da2802d015329b856d1be303bff6f73a624cb720682cea3f1cd0dcddd4

Score
8/10
evasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      DvnH2.exe

    • Size

      847KB

    • MD5

      bc23e4cf90c63d9a84eb905e6ec82f82

    • SHA1

      b82df977fcc19b730ac2cdacec7d3b93617c57ed

    • SHA256

      0396da4728728701d82bea35844941b36b6ff001bd4a46b3e3f45d5143205b16

    • SHA512

      01007caceb1e777b55d3118f7cb21117f2ca17b4caf211108b90de705c490c472df859da2802d015329b856d1be303bff6f73a624cb720682cea3f1cd0dcddd4

    Score
    8/10
    persistencespywareevasiontrojan

    • Blacklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks