1512b8c89e3a8017358fd48a259058024b4abca222535b25fd9d4abb8b71e3d6

Sharing

Copy URL

Twitter E-mail

General

Target

Hiddenz HVNC last.zip
Size

14.8MB
Sample

220925-wzhtlsffh5
MD5

e9144cd2a0346ba9fdbc14c78cc40f10
SHA1

9a8cf41e9d5aa6db94ef2e55b926f7608e18e0e4
SHA256

1512b8c89e3a8017358fd48a259058024b4abca222535b25fd9d4abb8b71e3d6
SHA512

4628c0e47c583169e4a4e268c0a588fab8374ed4f80f06485aa57a97010a0ed0f559bd6c688bbc3c9018e5ddb5e243dcafa3eeb1fc86303b2e13d01ae879e243
SSDEEP

393216:EaNLR4fjU0+YGAyE2M7K1SWKDZpBtalgj2zf:EE4LH+XAH2M6KlHslgj2zf

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://rick-roll.fun/uwu/0303/Admin/cc.g

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://rick-roll.fun/uwu/0303/global/cc.g

Targets

- Target
  
  FontAwesome.Sharp.dll
- Size
  
  448KB
- MD5
  
  f47eb5427819c89dbe76f392be46aa95
- SHA1
  
  6d55819f049bca6002883396fd3616b679888c26
- SHA256
  
  02afb53d63005ad511a7fb8c2f7a41d68ed83fd41f15aef3c491f1e87b095c8e
- SHA512
  
  68f93bd662b03ff1f1fb3eee770f8f4fa8ecf38e469c163652d179770d4ff76972d97520ab52495977762fc732cb1cb433781e1eba97494116ae0494f5d57a76
- SSDEEP
  
  6144:so2Tr5dycWxw3OT1Dl3JMr9tnGve2nbjvzdeQ/t+zd6McnODzpN2BDXTIRSwRKSq:sxDYbZl6rGVv5oELnODze58Rjg+5
Score

1^/10
behavioral1 behavioral2
- Target
  
  Hiddenz HVNC.exe
- Size
  
  32.6MB
- MD5
  
  e734d35484b6a31d8ec313b6b5867188
- SHA1
  
  1dbafe2644f680fecfb6ae11cfb063a0a200f434
- SHA256
  
  dac9a647f0acd0fb94cbe345c03f6acd8408273d34926546b2252c5d494a8279
- SHA512
  
  0f69b8dce04739fcf94ba96aebc2a36936225e68e43142e954f45878f75278bb772252009f344796a35956cbc41925424e88a48bf7d2e0608ebfce9ab72f5ca4
- SSDEEP
  
  393216:Cw06SEFCxjJE5TXe/UqhbceBVse9ziNdYK0f52KPtOBdpxdue41gGAZrYsZXGdY5:Cx7blFrUB+euAZrY6XGI
Score

10^/10
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  Hiddenz's HVNC.conf
- Size
  
  343B
- MD5
  
  a4591bc90bc9352423f3f5dd660ac516
- SHA1
  
  10e47d0e00cab43c7b495aa8f494ac68d8d22ed2
- SHA256
  
  e0fe9963e1cede1a5a5000562ca3ac91bbb625bcf32e9d7cdf2f3486b527a627
- SHA512
  
  e69ea2ea22ea262f2a36c09e1c882d2c81084f41250b09f7031e59b9a0c6f7eec1aa405be545419af028ccd0b7f37ec7b0f41bca8d7bd66fc420fb9b8658e79a
Score

1^/10
behavioral5 behavioral6
- Target
  
  Hiddenz's HVNC.dll
- Size
  
  824KB
- MD5
  
  f6b210209a44d2d04d2a246caabb4a45
- SHA1
  
  8643cb0177077fa7ea826800966ab0d80b106e5c
- SHA256
  
  3a09193b6debe1c9be2b16cad932450e2d407f233a720c2b435a9f73fcc0e452
- SHA512
  
  f39d1eddd25b06366fe31a7f003f37b952cc07e01bf9f5478447c50e0ddcd85b8635e752d4eaa08a470c3a9783ec2802a63049ca441bb7c5a0d8953bd3779624
- SSDEEP
  
  12288:JS2iTsSahqRdZjWH2rDwxyqiIKJuupr5zW0yY373JR8RpMO6+n4ui5s8hvAACaxZ:Md/7dF93JjnzXPYrQ
Score

1^/10
behavioral7 behavioral8
- Target
  
  Hiddenz's.dll
- Size
  
  304KB
- MD5
  
  72881e6a1566625e53da55f10bcb20ff
- SHA1
  
  411dcab34022798e1e0bc3f858980f88ed35a922
- SHA256
  
  15aa4ce55b93978e055539e4bf2f62fb06b77ae7e89ce7ae73f7217db0d681d7
- SHA512
  
  05454f68cabfdc1ae5987ff6312eb0d0121553c01d9bba9221919b20515e2823c78c9a9dc5908f2bccbd4c7e2611c36b2ded839d1a696c80e92f583e6ef207dc
- SSDEEP
  
  6144:cc1g+g8TldeAPPh9TyvEovSZfQDyslf5TjhiPUS59m/y:csg8TveAPPh9TyvErhQW0f5TNS4/y
Score

1^/10
behavioral9 behavioral10
- Target
  
  cGeoIp.dll
- Size
  
  2.3MB
- MD5
  
  6d6e172e7965d1250a4a6f8a0513aa9f
- SHA1
  
  b0fd4f64e837f48682874251c93258ee2cbcad2b
- SHA256
  
  d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
- SHA512
  
  35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155
- SSDEEP
  
  24576:TRgJE8pkCLLe/K43EnnnclQwIqJY0OjklWXQMFBRpmkL/59ah0USm3uwl00odi9p:TRgfX/59a6USdi9Ues6bV6boLO6r
Score

1^/10
behavioral11 behavioral12
- Target
  
  dnlib.dll
- Size
  
  1.1MB
- MD5
  
  d9e08ec1c571d8139255cf305e3fef40
- SHA1
  
  72aea7c18c901a3246eb276258e3b37a95048b4e
- SHA256
  
  48f144f744a9ce60659ee8cc7094610252aecbabf95492fbc612db919d144918
- SHA512
  
  de9b6fa6cd5025fd4639ff930caec751a3f466c39a15c6a117cba9f20348918928b3ab84a902d9a03b6b5fa233e4370393387025a470f2ea7437d36e6028ae90
- SSDEEP
  
  24576:bE/K/RiFSI+UDuL8ts1qrvC4S1EwZCBv7f7mh4hd:Hc4qrzKE
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14