b082dc100bcebcfc094c530ad92136e1c4ccc037876e9805e09d697b8d8c7fd3 | Triage

Sharing

General

Target

b082dc100bcebcfc094c530ad92136e1c4ccc037876e9805e09d697b8d8c7fd3
Size

188KB
Sample

220520-3ql81ahch4
MD5

f4dc42d37d9a826db8d681bf374be307
SHA1

c2c0e84809d3aa59834b54710cae5d7a2f8e82cc
SHA256

b082dc100bcebcfc094c530ad92136e1c4ccc037876e9805e09d697b8d8c7fd3
SHA512

81d370b010845c3b3c72f12476be6f07a259ec2b377e21674c3832a8af23bed1a25d12f2dfabd5580b3261d30c37caf7873e0baf659cc00376ad3cfed697cfb1

Score

10^/10

evasion persistence upx

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://Hypnomenu.tk/Launcher/Files/Hypno.ytd

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://hypnomenu.tk/Launcher/Files/Hypno.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://Hypnomenu.tk/Launcher/Files/injector.exe

Targets

- Target
  
  b082dc100bcebcfc094c530ad92136e1c4ccc037876e9805e09d697b8d8c7fd3
- Size
  
  188KB
- MD5
  
  f4dc42d37d9a826db8d681bf374be307
- SHA1
  
  c2c0e84809d3aa59834b54710cae5d7a2f8e82cc
- SHA256
  
  b082dc100bcebcfc094c530ad92136e1c4ccc037876e9805e09d697b8d8c7fd3
- SHA512
  
  81d370b010845c3b3c72f12476be6f07a259ec2b377e21674c3832a8af23bed1a25d12f2dfabd5580b3261d30c37caf7873e0baf659cc00376ad3cfed697cfb1
Score

10^/10

evasion persistence upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx