General
Target: Hiddenz HVNC last.zip
Size: 14.8MB
Sample: 220925-wzhtlsffh5
MD5: e9144cd2a0346ba9fdbc14c78cc40f10
SHA1: 9a8cf41e9d5aa6db94ef2e55b926f7608e18e0e4
SHA256: 1512b8c89e3a8017358fd48a259058024b4abca222535b25fd9d4abb8b71e3d6
SHA512: 4628c0e47c583169e4a4e268c0a588fab8374ed4f80f06485aa57a97010a0ed0f559bd6c688bbc3c9018e5ddb5e243dcafa3eeb1fc86303b2e13d01ae879e243
SSDEEP: 393216:EaNLR4fjU0+YGAyE2M7K1SWKDZpBtalgj2zf:EE4LH+XAH2M6KlHslgj2zf

Static task: static1
Behavioral task: behavioral1 | Sample: FontAwesome.Sharp.dll | Resource: win7-20220901-en
Behavioral task: behavioral2 | Sample: FontAwesome.Sharp.dll | Resource: win10v2004-20220812-en
Behavioral task: behavioral3 | Sample: Hiddenz HVNC.exe | Resource: win7-20220812-en
Behavioral task: behavioral4 | Sample: Hiddenz HVNC.exe | Resource: win10v2004-20220812-en
Behavioral task: behavioral5 | Sample: Hiddenz's HVNC.xml | Resource: win7-20220901-en
Behavioral task: behavioral6 | Sample: Hiddenz's HVNC.xml | Resource: win10v2004-20220812-en
Behavioral task: behavioral7 | Sample: Hiddenz's HVNC.dll | Resource: win7-20220812-en
Behavioral task: behavioral8 | Sample: Hiddenz's HVNC.dll | Resource: win10v2004-20220812-en
Behavioral task: behavioral9 | Sample: Hiddenz's.dll | Resource: win7-20220901-en
Behavioral task: behavioral10 | Sample: Hiddenz's.dll | Resource: win10v2004-20220812-en
Behavioral task: behavioral11 | Sample: cGeoIp.dll | Resource: win7-20220812-en
Behavioral task: behavioral12 | Sample: cGeoIp.dll | Resource: win10v2004-20220812-en
Behavioral task: behavioral13 | Sample: dnlib.dll | Resource: win7-20220901-en
Behavioral task: behavioral14 | Sample: dnlib.dll | Resource: win10v2004-20220812-en

Malware Config
Extracted: http://rick-roll.fun/uwu/0303/Admin/cc.g
Extracted: http://rick-roll.fun/uwu/0303/global/cc.g

Targets

Target: FontAwesome.Sharp.dll
Size: 448KB
MD5: f47eb5427819c89dbe76f392be46aa95
SHA1: 6d55819f049bca6002883396fd3616b679888c26
SHA256: 02afb53d63005ad511a7fb8c2f7a41d68ed83fd41f15aef3c491f1e87b095c8e
SHA512: 68f93bd662b03ff1f1fb3eee770f8f4fa8ecf38e469c163652d179770d4ff76972d97520ab52495977762fc732cb1cb433781e1eba97494116ae0494f5d57a76
SSDEEP: 6144:so2Tr5dycWxw3OT1Dl3JMr9tnGve2nbjvzdeQ/t+zd6McnODzpN2BDXTIRSwRKSq:sxDYbZl6rGVv5oELnODze58Rjg+5
Score: 1/10

Target: Hiddenz HVNC.exe
Size: 32.6MB
MD5: e734d35484b6a31d8ec313b6b5867188
SHA1: 1dbafe2644f680fecfb6ae11cfb063a0a200f434
SHA256: dac9a647f0acd0fb94cbe345c03f6acd8408273d34926546b2252c5d494a8279
SHA512: 0f69b8dce04739fcf94ba96aebc2a36936225e68e43142e954f45878f75278bb772252009f344796a35956cbc41925424e88a48bf7d2e0608ebfce9ab72f5ca4
SSDEEP: 393216:Cw06SEFCxjJE5TXe/UqhbceBVse9ziNdYK0f52KPtOBdpxdue41gGAZrYsZXGdY5:Cx7blFrUB+euAZrY6XGI
Score: 10/10
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2

Target: Hiddenz's HVNC.conf
Size: 343B
MD5: a4591bc90bc9352423f3f5dd660ac516
SHA1: 10e47d0e00cab43c7b495aa8f494ac68d8d22ed2
SHA256: e0fe9963e1cede1a5a5000562ca3ac91bbb625bcf32e9d7cdf2f3486b527a627
SHA512: e69ea2ea22ea262f2a36c09e1c882d2c81084f41250b09f7031e59b9a0c6f7eec1aa405be545419af028ccd0b7f37ec7b0f41bca8d7bd66fc420fb9b8658e79a
Score: 1/10

Target: Hiddenz's HVNC.dll
Size: 824KB
MD5: f6b210209a44d2d04d2a246caabb4a45
SHA1: 8643cb0177077fa7ea826800966ab0d80b106e5c
SHA256: 3a09193b6debe1c9be2b16cad932450e2d407f233a720c2b435a9f73fcc0e452
SHA512: f39d1eddd25b06366fe31a7f003f37b952cc07e01bf9f5478447c50e0ddcd85b8635e752d4eaa08a470c3a9783ec2802a63049ca441bb7c5a0d8953bd3779624
SSDEEP: 12288:JS2iTsSahqRdZjWH2rDwxyqiIKJuupr5zW0yY373JR8RpMO6+n4ui5s8hvAACaxZ:Md/7dF93JjnzXPYrQ
Score: 1/10

Target: Hiddenz's.dll
Size: 304KB
MD5: 72881e6a1566625e53da55f10bcb20ff
SHA1: 411dcab34022798e1e0bc3f858980f88ed35a922
SHA256: 15aa4ce55b93978e055539e4bf2f62fb06b77ae7e89ce7ae73f7217db0d681d7
SHA512: 05454f68cabfdc1ae5987ff6312eb0d0121553c01d9bba9221919b20515e2823c78c9a9dc5908f2bccbd4c7e2611c36b2ded839d1a696c80e92f583e6ef207dc
SSDEEP: 6144:cc1g+g8TldeAPPh9TyvEovSZfQDyslf5TjhiPUS59m/y:csg8TveAPPh9TyvErhQW0f5TNS4/y
Score: 1/10

Target: cGeoIp.dll
Size: 2.3MB
MD5: 6d6e172e7965d1250a4a6f8a0513aa9f
SHA1: b0fd4f64e837f48682874251c93258ee2cbcad2b
SHA256: d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
SHA512: 35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155
SSDEEP: 24576:TRgJE8pkCLLe/K43EnnnclQwIqJY0OjklWXQMFBRpmkL/59ah0USm3uwl00odi9p:TRgfX/59a6USdi9Ues6bV6boLO6r
Score: 1/10

Target: dnlib.dll
Size: 1.1MB
MD5: d9e08ec1c571d8139255cf305e3fef40
SHA1: 72aea7c18c901a3246eb276258e3b37a95048b4e
SHA256: 48f144f744a9ce60659ee8cc7094610252aecbabf95492fbc612db919d144918
SHA512: de9b6fa6cd5025fd4639ff930caec751a3f466c39a15c6a117cba9f20348918928b3ab84a902d9a03b6b5fa233e4370393387025a470f2ea7437d36e6028ae90
SSDEEP: 24576:bE/K/RiFSI+UDuL8ts1qrvC4S1EwZCBv7f7mh4hd:Hc4qrzKE
Score: 1/10