f4054cff11bed4262ce7f99fd3cb69c3358102cf3543ddc4428742b73745fde9

Sharing

Copy URL

Twitter E-mail

General

Target

f4054cff11bed4262ce7f99fd3cb69c3358102cf3543ddc4428742b73745fde9
Size

4.1MB
Sample

221011-jc4rcacdfk
MD5

c9c871c8f3b28b0ebc3c9055226fa0e0
SHA1

49931a0f0c180edcf3533faab83e95cf23acb71f
SHA256

f4054cff11bed4262ce7f99fd3cb69c3358102cf3543ddc4428742b73745fde9
SHA512

4678872dfddbb0cafe38efa8a856ea8e234b1b96d14c08d642fd905fc3400957c0190ee629e21150238ac6dac4e82b526a30d39209947a97d142550dc3295b54
SSDEEP

98304:EkwrtA7QIme6a4TVFUW+lFwNXOs7QHBmKgwNKBpr/WC6qhh/G2:9gR5e6TkW+I9t0H0KgyA/WC6qhh/L

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  HRSword-main/Drivers/hrwfpdrv.sys
- Size
  
  114KB
- MD5
  
  a1046e14d0b388304b55d36898665d96
- SHA1
  
  ccc5a579a58a0ab730d168caaafee98827fd8cfd
- SHA256
  
  b09c9751ac0151d06d9dc39caf35cee7f07457867c9f23dac164bf830a498681
- SHA512
  
  067e312457b2885593a756d96907c7173aaf61389ea58a21049697ac23dbf45c254f11455dd22b9428731c07de068eb39a7f2c36c0a3087b6f51b7071107b95d
- SSDEEP
  
  3072:7usLCBAkordKZExYaPNKumDwb8Z9XRvjlDCk:7usLPY+kUwZRRJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  HRSword-main/Drivers/hrwfpdrv_win10.sys
- Size
  
  124KB
- MD5
  
  d8e2b5db012dbaf02475492cd227399b
- SHA1
  
  c0ce1bfae16da5aa675d639eb8c94ec20f9ba997
- SHA256
  
  8fe4ab0f563cce9f8d4bc0eb5072ccc857a22b737109d002139edc25f770f04e
- SHA512
  
  2d056cc12dccbaa6b982fb8b9ac9ff6cb5373e861daefe76f87ab0daec7d8198e5019538e984e8c91dd6918f6390c19270cce3eee52b9d06bdfd7836b97b0dc0
- SSDEEP
  
  3072:MusLCBAkordKZExYaPNKumDwb8Z9XRvGBtF/x:MusLPY+kUwZRROXFJ
Score

1^/10
behavioral3 behavioral4
- Target
  
  HRSword-main/Drivers/sysdiag.sys
- Size
  
  380KB
- MD5
  
  46059934e0daa6244dd2880afd03b25d
- SHA1
  
  dbf97587fb3d2c4d724645764d56899e4ae78eec
- SHA256
  
  41ce3a34cc03e27b8fde258d89f7c62aa2acf019b14c08ffec54ab614ddd7e27
- SHA512
  
  26c67f8d1b71944a720169fa7e75435b229ab701d6960114760275182dc8d0c518eb067bb1ea6354cdc24c89cf77d39a30d0956c0b25a2d61be76acd7b8605bd
- SSDEEP
  
  6144:Q1k26QgF3qZsZm6q9pkkKbJk9NXsWym3c4yg/yHYVTMI3hbNKe:Q1gJFaGmX98kQWM4yP4VJhT
Score

1^/10
behavioral5 behavioral6
- Target
  
  HRSword-main/Drivers/sysdiag_win10.sys
- Size
  
  391KB
- MD5
  
  84ee73ab5074449c1f732508b259ec49
- SHA1
  
  0db80f225d165f54fb20305e5265aae5215dfd0e
- SHA256
  
  418689701aa8a13564cc4d7437fbd24e47f36ea079d4aa655174de24a94a8171
- SHA512
  
  cfc1af32030caf94733958e26c7963341055b245a402ae8960d94a4b4e94f8d692bc647a5515c7c46cf835b413e4a5e57ac014fc7ddcd27afac2805ac4ad7934
- SSDEEP
  
  6144:K1k26QgF3qZsZm6q9pkkKbJk9NXsWym3c4yg/yHYVTMI3hbNK4P:K1gJFaGmX98kQWM4yP4VJhL
Score

1^/10
behavioral7 behavioral8
- Target
  
  HRSword-main/Drivers/usysdiag.exe
- Size
  
  466KB
- MD5
  
  688b0846b658ebd759081323366efb34
- SHA1
  
  67ce9b7274ca69897ad2b5dfd6f46f12f15107dd
- SHA256
  
  d12869ec57e27e5297e1397c01acd885056f91a6d4d4ccb37325487bc79725ff
- SHA512
  
  c8b812432b6decbf071edc0ea4a90b6941dd30b1903dd0295af60d4d07a2e341ab9c9b94b3196519ac4f4f6d0abeab335655a7c53e095ba9d266bfd0382695c2
- SSDEEP
  
  12288:Q1jHBYrZzfqbm8ACkONXIdtO7GMctLFebzZFG:YBYrZzybWONXIdtO7GDtLwbzZFG
Score

1^/10
behavioral9 behavioral10
- Target
  
  HRSword-main/DuiLib.dll
- Size
  
  1018KB
- MD5
  
  75881db475bef8ba732e15b4f140d53d
- SHA1
  
  10260d9c4dab6cece6f446c8786898f5d0217525
- SHA256
  
  c0d1608793012a5c2da2645802c144e010688da60ca5525f97068707fbf952c8
- SHA512
  
  22a14fc84f1a5b2de0c10b9a7e979d75b690bf067f9a255a20d66fe0ce8629c31c559d39f556de6e1c36ed2971b0c138d3dff30f723ee610bec2c339482668e6
- SSDEEP
  
  12288:eRCGCO+18Cj6SHQNYhsoGRf/1cWWl5Jc/C+SH7gnv7imjD/jt7a1nW7+Im6xb1X:e3Je86efdhic/C+SIjo9kp
Score

3^/10
behavioral11 behavioral12
- Target
  
  HRSword-main/HRSword.exe
- Size
  
  1.9MB
- MD5
  
  916c298f538625fb37e08d01c22d2ea4
- SHA1
  
  925bf071f481425c37e625c0516a40dcd085cbce
- SHA256
  
  d2fff815db8941a025e956eca5d6346a2b3c8f4c2b8f34427f15cfe43cdbc842
- SHA512
  
  45f3cbdc114041dbdc1729ef619718cca637587fe8f2efdd000f793b2f5a6732c6ed900db4867d944dfcbd2e3c6cc0e3d887a3ff2beb34e40224f1c5b46434a9
- SSDEEP
  
  49152:jIPFxcRj55DwPW3IeN+rjKtQp2r33OfMbA7UKpB1obg5TYA+Dj1YwycrVQRx:mx4j55EPWYeN+rjKtQpA33OfMbA7UK7N
Score

1^/10
behavioral13 behavioral14
- Target
  
  HRSword-main/behavior.dll
- Size
  
  329KB
- MD5
  
  d96cf66116bccec9c06e5c9d0f18a0c7
- SHA1
  
  21d02f2f418a02a62aa48c8045501f955a707a58
- SHA256
  
  57d7504837a7a39eeb1c0ed3840a67e282d84d5ad7fb40e7581a2f84a914384c
- SHA512
  
  15a8d4ab92171e5a707aa3d30fe032dae8fd7f52206d09edda52dc3ab8833cf1d8265985d163a5a6959d5ad6a469286c5dab0e040daa934c740d654f9fb3a813
- SSDEEP
  
  6144:ZC8O33S5vYia+dZVTBrwkTNUhXzIRN2j1f2GUahSzIg1coFy3:I8OHWYiDdHT5dajIRNqf2Va8I8FS
Score

1^/10
behavioral15 behavioral16
- Target
  
  HRSword-main/daemon.dll
- Size
  
  411KB
- MD5
  
  0a5953205c4d824cca92870707e568e9
- SHA1
  
  109afdffb6e4f6ebd5549ae36ffc4c91ab1429a8
- SHA256
  
  ac9eda0ff6dbe0d5868afa0a14dcb9a10379eb042f5b09749c4dcfb36c4dc0ba
- SHA512
  
  47f2c7532b5c4f5aa25c28da7bef32bff031e655ea75dfc6555b2c4585704cdcf1d3db29f543d8437906cfea722af0ee56767f27dd213d230da95997f2f1d051
- SSDEEP
  
  12288:C4jNg/cV4lMXjcRszkOAnKu3/kPCd3WnmlVnmSiRlTMve5n3sFoWQA:C4jNg/cVWMXIyoOKWnmlVnmSulTMhFoI
Score

3^/10
behavioral17 behavioral18
- Target
  
  HRSword-main/libcodecs.dll
- Size
  
  1.8MB
- MD5
  
  d26d00c7b3783d265ee335c861d9d64f
- SHA1
  
  a07eb34a9e1f0c5152bd55888ed6e52ab48cf312
- SHA256
  
  29d1949704de77f97c2d2bc5e1b683fef0f2cc6c2b0ee7fe0b281f916c2052c6
- SHA512
  
  7269f1bee27ae896afe64e0f389956aa582dee90b4068c2edbf73c9fb4e219adf6450a50084c2386e9d661c0d8ecd691c196c2e50fb6a79cb65507c03c7a0107
- SSDEEP
  
  49152:f323SX+j0ZSq7Bg8kKeNrIZCj/XfFtsaLMXhi:fJ+wZSKBglKeNrIZC4aLN
Score

1^/10
behavioral19 behavioral20
- Target
  
  HRSword-main/libxsse.dll
- Size
  
  1.0MB
- MD5
  
  1596d83172ed295d82eaec2ac9b017aa
- SHA1
  
  f2bf36522daf0732ac3a14430d88b678c365a5c4
- SHA256
  
  856bccfbb5c6873e5c730ce09527a984149920895fc5142947a715510ee7c8fa
- SHA512
  
  a23e903d3808c26cfd78a404ec85dba6285792fb3358062588c41d3ad33f6b733d5f93b22b81e9049f8da91e4c8b61acc4cb30a4148d94535a05e9133e9f915d
- SSDEEP
  
  24576:3lZgmq9CF7yRgzrcvTErZldffRljGsz6lT+iFAzR:1CY7yO8wr9Blj9zIT+iFAzR
Score

1^/10
behavioral21 behavioral22
- Target
  
  HRSword-main/selfprot.dll
- Size
  
  83KB
- MD5
  
  6d03e280a1a8357ce5faedf9f638a7ff
- SHA1
  
  01bc5b8b7259fa0165144c01a4ffc017c5f15679
- SHA256
  
  01c9d2d83b6e1ef9246f24ff171fa4b2c36217cb8f55c4859c62de1fefbc7c06
- SHA512
  
  a63191c015f3aafa5dd37c3997e39265cbf171566280f5cb9f341c30ba0ad08a61e96d97eb4f9cd541daad30e8a71582a6aa4d5057e7fbc0d56d41a398d1b55d
- SSDEEP
  
  1536:b36Fn3QFTmMddn/SV2r9GNFDIQ47DAsWScdS2SS30mvYDr7wA/9AoQ+8iAW:b36W3agW21+SNS38fwzDW
Score

1^/10
behavioral23 behavioral24
- Target
  
  HRSword-main/uactmon.dll
- Size
  
  381KB
- MD5
  
  91753ecb7a58e18e6b9efe7f21dafac9
- SHA1
  
  86f74f9355d3e35fa7fdaa023d2151a7d885fd5a
- SHA256
  
  2c3adb060107024c1caef9f4e983ad589bf7246acc5b94ead2f2956ef0662461
- SHA512
  
  32e7c2b000ba593e643e254657448d5ab97ff81f455a842dea9b2e7422f418b7a0ee1089d018049c100c3c87d96894f28a0269fde6354cf1c63710d9c418db81
- SSDEEP
  
  6144:Q9TlrggXheT8zcZyXgfrR7/VOiOm8Pquk+8zcoFGBPr3sQ4:4TlB8T8zSy0rRnOJPUDfFsPr3l4
Score

1^/10
behavioral25 behavioral26
- Target
  
  HRSword-main/usysdiag.dll
- Size
  
  538KB
- MD5
  
  4d49267fcd49e696bca5873e88e147d8
- SHA1
  
  6a8dd859a757036664fe0596f3a0f1faa0a919fb
- SHA256
  
  c8fbde2a38f24158b5d3d1e2a9c45d419ed5d255804071baa73a93a7d1869200
- SHA512
  
  01888920e0d522a191538025182becef7d56ac1336212e27de7b94127b71fd84947bfe8a3ee304c0c1bd432f247e91fb7c7560defb0c8e72cf5585a8e6ffa5b0
- SSDEEP
  
  12288:HDwC/3LEoOjNJ5R+Ne3TeO71ShhHaS84kQpqqg14MhFsPGYCRFLp:O7K8khbSyMhFDYMF9
Score

1^/10
behavioral27 behavioral28
- Target
  
  HRSword-main/win10初始化.bat
- Size
  
  1KB
- MD5
  
  5b53acdf4ec5d7362e3c5f355cfde55f
- SHA1
  
  8f4af3169478d310f4329b6198833685f08625cf
- SHA256
  
  55d308565b647c2633c34b57eee58294579ee029949023a454171bb5e65668ba
- SHA512
  
  c1cb9bcfa382774f071c7cd3aaecbc84ea7725c324f66f748ad9ca26e5f7cef02c7311edd043a897a4a66cd7874e725fd7975e1e1e9b475e2efc28648c3a2211
Score

8^/10

persistence
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
behavioral29 behavioral30
- Target
  
  HRSword-main/win7初始化.bat
- Size
  
  1KB
- MD5
  
  547509b22fe8c715019bd7a278c561c0
- SHA1
  
  32d3f64e00e5d37f61f7d3694c3eaf8a1230e8cd
- SHA256
  
  253c0ece38ec4b0fa9b22cd2aefcbdc412ea47a44e55c235d09b481d5c596210
- SHA512
  
  cd0485ea27b1fa261e309b87c392f94a90a1833b8a48eda64044f41f2e4d226ae32b731882b2ea87637770c3afb0df8fe0b8d5d68cb79a5bafca79f729c3f4db
Score

8^/10

persistence
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

New Service

T1050

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

New Service

T1050

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Creates new service(s)

Drops file in Drivers directory

Sets service image path in registry

Creates new service(s)

Drops file in Drivers directory

Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32