f7bab685eb74130f2e49156071fe2522134b3650d372ead79743f810d6e9051e

Sharing

Copy URL

Twitter E-mail

General

Target

f7bab685eb74130f2e49156071fe2522134b3650d372ead79743f810d6e9051e
Size

20.1MB
Sample

221125-ybyk9sde7x
MD5

423c2bde4d49f096568f9c7ed9fffb1d
SHA1

ad69b834e42215817f24bb3b7c8c2cbef5ecbf86
SHA256

f7bab685eb74130f2e49156071fe2522134b3650d372ead79743f810d6e9051e
SHA512

2e12a4e7660e419529a1ceee859f6edb3094f91bc5ad93b5714cdcf68ddf9aa9ca083e2217df639c08dbb83e5b4cee3fdebebd28846bfdd19d51e643e2219eb4
SSDEEP

393216:Rt1qq2McpfI8mUbH4NmDo0olh4vD0s9OBK2g:BqBJSfUrx4HulOB1g

Score

7^/10

Malware Config

Targets

- Target
  
  HearthCrawler_R30_10/Bots/DragonCC/DragonCC.dll
- Size
  
  391KB
- MD5
  
  542f52ef4697aa0363758664b546c925
- SHA1
  
  9efa4c671836c8312347b53bf45207057fb1d923
- SHA256
  
  a15da3159ef52f5d82274b06ae24d86c92ce181e03b25ecb60fc96454a7bca22
- SHA512
  
  efc7400fc58798aa9407a1faf57fae14739125e27adca1388a1043f52abd4ebace3769c6d0113c5a86dc02372f267de5ab4d4840b600cec31c991968f64dbe02
- SSDEEP
  
  3072:5G9pllQrGVAwg7+wz1tRuFkcw9X720jOu5kv9tTevVNcZf/HMgdh5O5BPHnOpDqD:4ErGSwE9+Eqmk3T5NB2PnOpDxh/9
Score

1^/10
behavioral1 behavioral2
- Target
  
  HearthCrawler_R30_10/Engine/HREngine.dll
- Size
  
  769KB
- MD5
  
  dc9b264bee4eaf25ca7c8781aa67e87f
- SHA1
  
  b2e4862f42b46d7a08adcb65dc71f83e8e1fbf7b
- SHA256
  
  fa9f65a94df0871fcc580c05e43e1e5b1cdfbea29ebcd70de578ef0d3313c7cf
- SHA512
  
  df67b593edfa5f944cd907a23ccfd5a9db956042a5e3a39e4b993a811c8e9ceb279f360bcc4d9468025f1a4aad290fa69f7a1dc609a32bdc942ff30bb1238e2b
- SSDEEP
  
  6144:uiMYxyK/b6Zwo8C+rqzE1wRpnMtlfbkvwWGdiMJlj2G2mxXNTBl:GN+rqzE1wvnKfbkvKdiiVp
Score

1^/10
behavioral3 behavioral4
- Target
  
  HearthCrawler_R30_10/HearthLoader.exe
- Size
  
  786KB
- MD5
  
  d21d67fb5aa4e035447fb215b6da6872
- SHA1
  
  1445ea78eb0cd609ae8616091595b6ed8114e82d
- SHA256
  
  7d8a7c512f7b2c4d4d9d16dfd5c5c2187c03bfcc3eaa07c0bad88e675af56865
- SHA512
  
  098b81f5eaa94aa1a9166f3c75c7926a5def6c7e426b675e8459d92651e4d890ab76d4bd8f7d05b42c22f02ab9f0acce19bb10dd3c79df431c6e8e13913755a4
- SSDEEP
  
  24576:lxU15RuD+6MFFxoKj7uUY/FMpM73BYY8Q3awotl:l4RuS6MFAe7G9MpY3l1Kwol
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  HearthCrawler_R30_10/Hearthcrawler.Agent.exe
- Size
  
  224KB
- MD5
  
  75b055ad06dd614b0a7a8031524c2848
- SHA1
  
  12d425544c2c4aa143b9ffb57f9acad8e7cd0b5c
- SHA256
  
  c234e40256be5e65028324c35fadc71cc59aa57ec678972b91ebc7f1e7f4c760
- SHA512
  
  34a67cf8ca9685f996ed6c1908957198b989217439dd0a6a818598d9986073e4020e3949e954e4bf277b65c0ddddb299e7f200bdcac355471fa7c22988387bec
- SSDEEP
  
  3072:j1fQkD/67HT1fQkD/67HRfUlk2YeqOkGT0tq0H/lz3+1fQkD/67H:jVQJ7zVQJ7xfUOdjGTyqK6VQJ7
Score

1^/10
behavioral7 behavioral8
- Target
  
  HearthCrawler_R30_10/Hearthcrawler.Client.dll
- Size
  
  279KB
- MD5
  
  7f751ae1d87088c32553a393ed52aef3
- SHA1
  
  3a462d3a1cc820a3aca3d14a1c94412f4f1bbaa0
- SHA256
  
  96642921c8a02af13101838e71a4e22ce54162e301d67012e7fc5168443248e0
- SHA512
  
  429bdaa641f3dade78546ab5786f8b385723deafd4671ce4cfb5da44b5a60ec91c097449e92db9c2bb6442b84249aa66d0f6ef05b6def085be4e57f068a8991c
- SSDEEP
  
  6144:fTwOrVWV77rx7HadzYNj+amhoEkZwssSQ6MjU1N55hOQkBeQLRwxVjif2:zc1adAS2
Score

1^/10
behavioral10 behavioral9
- Target
  
  HearthCrawler_R30_10/Hearthcrawler.exe
- Size
  
  897KB
- MD5
  
  b1957d42e692bde123f46c69bf5a8c07
- SHA1
  
  fc888e6553e2a7bef9cf875fb128abd4ce54b79d
- SHA256
  
  cf51afce6ebdadcf2546873479b49b00e1df8296c9ddcea1e52bb787eac4b596
- SHA512
  
  26652121c01bf0c32501dd481c96ea351e404eb2b3294299c0a35f59668a4d2f5c6356f4a3da971946ed96d555d56f531a9e58d51fd27c7b678596dc63a431f3
- SSDEEP
  
  24576:jgvnYTQmGhVekKcGQfOZhROydA/Fer49uPQJcDKwNgnnPd:jgQTQmeekKcfmZbAN7obHNQ
Score

7^/10
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  HearthCrawler_R30_10/Qt5Core.dll
- Size
  
  3.9MB
- MD5
  
  9eac99a6ff2ed53cd3a261823d95fb12
- SHA1
  
  3ce90557f8db25fb86d412650cd45039fcec4866
- SHA256
  
  c55a637d74fbd231820a58d3243a29b6b3f2a2c3b8758c6c102122afceb577a1
- SHA512
  
  2cca97860db8dbb72da882ac9a1a1e388e9b5873908156385307267a62aa40f7a3629ae7d93781910d12aaa0d43e9aed36adfcc486e37b9625f12b0555798d25
- SSDEEP
  
  49152:RBj6tUP6+McZN5YR3Y9cFpkVJsv6tWKFdu9CwTmRYPUFwR0FqWvbUbnsGw52whW8:R1M6DJsv6tWKFdu9Clgs
Score

3^/10
behavioral13 behavioral14
- Target
  
  HearthCrawler_R30_10/Qt5Gui.dll
- Size
  
  4.2MB
- MD5
  
  b6726eca5177899f6e3ef7eb5105f481
- SHA1
  
  54957d69fb8002e7953e0cbf53bc361b719ab557
- SHA256
  
  3f5a4f78dcd0963f8612037d8f495ac2042f986704f00a848a781e3a6e179ccd
- SHA512
  
  82fb025c16eee18e35f2dfba1554d209c2d567cb2ceca8d2d3553e970c7759cbe259a059ed3768d3efeb657642c73b47a349c15878e4bc74827d782e3177d3fc
- SSDEEP
  
  49152:GOP1tO6C0wVJzaNb7GtPGWvS61hW6saMhbPCdt/7CXm8inSj:hsOQJzkb7GpnThW2CWw
Score

3^/10
behavioral15 behavioral16
- Target
  
  HearthCrawler_R30_10/Qt5Network.dll
- Size
  
  827KB
- MD5
  
  1da0faed0ff715ebcf417899cbc82ed4
- SHA1
  
  9cba83012ca77a3f71a15dcdf4742a77d4314f65
- SHA256
  
  70053da1466f68903d81bba368c1431417ac118debfe7f17799595fc46146047
- SHA512
  
  c933772f4be8f3a38ff62f48dc90da9a72050c8ad3569834171c4d7a285db412b3c2ec65163b2abf5ef7d96e5216bc6834a6e38a723f6521623cad5a4e20fb32
- SSDEEP
  
  12288:4LQPwABZT9noTcc9RwoIX+XqVKBqByt6YFcHDtkc9elHRJspD8Whj2Ggoos0GdZn:eQY2ZoTLRsF9t8GgooE4DUr3
Score

3^/10
behavioral17 behavioral18
- Target
  
  HearthCrawler_R30_10/Qt5Widgets.dll
- Size
  
  4.2MB
- MD5
  
  acdd568d351355885658db5092348a83
- SHA1
  
  b64e1dbeed3f202066633faab9ed9273885c0bb4
- SHA256
  
  e878c209af09b4eb8f2300315c2d119cd7fd4a5fdff80d88dc73582386284867
- SHA512
  
  7541ac8e23c5fcef8e9c6c840bb8e268097b99a6c1d2f7d4fc3084b88d794d34bc282bd3630ee1489f9d5d5cdaea15d678619f201662c733dd857ff61ed7af0a
- SSDEEP
  
  49152:hOs8bunjQUDYGxPXlHFbCEi3K/zOsEdn0syhFZbfbkMRLxHX8:hOsnjQUsGxXlFCEvKjcPkMRLxHX8
Score

3^/10
behavioral19 behavioral20
- Target
  
  HearthCrawler_R30_10/Tools/HRCompiler.exe
- Size
  
  40KB
- MD5
  
  6cd5c8f999ee4b48137b5dbea91b28bb
- SHA1
  
  be5ea55ce0b7cced75b539183db6111d07a439ba
- SHA256
  
  7d80c548c63016c69a4eb19e9e05cbbf63e2e18444b7a15f3545253acd0626af
- SHA512
  
  36b0ab7c61df7f43db38333d8a268fcedc33971f43b5623943d559c4cbfe311034f4f4c86d50d88d3ec87165e2792fae9f5660ffd03e4963d712c583cbc553cd
- SSDEEP
  
  768:3qt90x//Jyb+mbgvliuPonu1EJJevWnQ:CkxytICu1EaW
Score

3^/10
behavioral21 behavioral22
- Target
  
  HearthCrawler_R30_10/icudt52.dll
- Size
  
  22.4MB
- MD5
  
  4038720985c5608a375877150a670a63
- SHA1
  
  8f78ce868717704aa135f0445b02fd76e734f54c
- SHA256
  
  cafe825422ed687480d99002254f106bfc34e1f8ac161d7bf686e1c26e8175c3
- SHA512
  
  4c04c13dbdcc3c5c1e4edd4b78cfcde821a5bcfc2b36309b9733e403ad64d7691ea34788b8a80631200a336c8094bc2f382d637ea4b3030b569454e2a5e468fb
- SSDEEP
  
  393216:3+r2hCR4vmUqjGcmUJlhvKu2apO9S9/22IY4YTsPU0CFy7hv:jY4vm0
Score

3^/10
behavioral23 behavioral24
- Target
  
  HearthCrawler_R30_10/icuin52.dll
- Size
  
  1.7MB
- MD5
  
  d60b239a94313b099a3ba7695f482ca0
- SHA1
  
  02a2b43adc3b5baaa1e3dd99bc2851c01bba4288
- SHA256
  
  678bf554cfc242550ab075d477b7aa5d629cf70f17aee6f1b87b6f812da5253a
- SHA512
  
  78b5372db2585cf331745d4af75691031acd1f747abe6f69dae046eebc28bd4f02679385cd1643ddb3a39268442e2b96eb6a71f354956e5c86812f6a1f6b7cec
- SSDEEP
  
  24576:ZI1NiXmIlOpdngePu2OI8OgkZA1wO+q2R+R9wJE/uo:ZIX6OpeX9mliGo
Score

3^/10
behavioral25 behavioral26
- Target
  
  HearthCrawler_R30_10/icuuc52.dll
- Size
  
  1.3MB
- MD5
  
  ebd4a4818f6ce7c3fffa299264ae44c7
- SHA1
  
  d4463103ae665dd8835b6f45f6665f054ba6f596
- SHA256
  
  7bc32fef1b52eed6d47c2b43e70c748c657757218db5d90c15e0f3be0afa0d8f
- SHA512
  
  5d45893038ec9a269afd51d5e4f3c6671f01ceae59e29f808cdb759dc0b755389052a05557aa7e764db2f492482a851a23fc119472b277cfdaa674708f92955a
- SSDEEP
  
  24576:WTWJAWxJI8p9NPxgZulFv4PPy65MZ10nEAfmfz:WTWJXxJI8pnqZufvmq1SEZ
Score

1^/10
behavioral27 behavioral28
- Target
  
  HearthCrawler_R30_10/imageformats/qgif.dll
- Size
  
  23KB
- MD5
  
  2505afb0fb920e3b9a1de648a19bace7
- SHA1
  
  33425dc967827d6a13efc4be31b6bbbbc39c9201
- SHA256
  
  6e0bca00583b26f8680c02a038a1b870f8cdc19b97b257ea60998557a1fb5498
- SHA512
  
  46878132aa1acd6c80fa5ee03ea95cb575209637e03c6534bb263503d8d4a01818c8ede43257fa5593863036389fe4aea42afe892670fcbb6bf9d2403c14b727
- SSDEEP
  
  384:TtfUIjcsPkeCvo9eLc+HEeh6b4vnt+BKRbyS+ngh4ZIkmaVzHOAdg5l:2Ijcs7OLc6ob4vt/Rbb+nuqZHVDvdcl
Score

1^/10
behavioral29 behavioral30
- Target
  
  HearthCrawler_R30_10/libeay32.dll
- Size
  
  1.5MB
- MD5
  
  e0e0a7724695f18be6db46c2976d153f
- SHA1
  
  f3cbcebc209c85342753f3c5828c2c8781946b76
- SHA256
  
  e26d7def5a51a9844d6ac110e4bbddc9cafdfd1c6102c49063fb3518eb315aae
- SHA512
  
  bcfc51a92e906811f6caa357ab1466966729ad4ec43cd752c1a60e5efdd82db1a655b40ab1a6d63017cbb827962d92948756188f81e67b555d4917759d290b26
- SSDEEP
  
  24576:bJhOE+57PocjkPh2xitHfeZ5gwCuE9AbLeowuI88G7pcYRvzql2Dj/1LzjV1gE4t:b6xfjkPhUi0ZmzO2pF8cYRrNDj/NPVOd
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

Unexpected DNS network traffic destination

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32