General

  • Target

    77cd566108bdf69dbf6a2a52438a0dc20c3d66f2c2b5c4ad20556656e5593794

  • Size

    2.0MB

  • Sample

    221129-qx7r3agc6x

  • MD5

    e7875a4f19c7e54f0bacc326967a17d2

  • SHA1

    4a8572b385eae6a8f1eebd6b89c0b168126f65b7

  • SHA256

    77cd566108bdf69dbf6a2a52438a0dc20c3d66f2c2b5c4ad20556656e5593794

  • SHA512

    e6464944f969a29281051b75cd07f1f4d12d391854bc1d65160ce4081677c686e2cac579437b33ee555c25e4162283f776b4beaf5115638cfdee60ab681995fa

  • SSDEEP

    49152:djtP+gfapkL/dTyYCVm0OiouONLiM8qkCds:dj5TEa/4vw00Zwb8s

Score
8/10

Targets

    • Target

      POWERI~1.EXE

    • Size

      990KB

    • MD5

      94f93d84800fe42007851bb20db86974

    • SHA1

      e2c943c5224ef7edbd82e60e5e7942eafcbe173f

    • SHA256

      8165328b5b69aad9408b81cc72eabbf2674a796e6e8af362d9aea180935aabdf

    • SHA512

      de5f39eb6d810cb6e766c8887685eacb643adca195e07c2f52d1127e49998c63b3aa98a1fbe14dec3b1aa53c4823177a9bba6f3bded163132e79dcc1e6561b82

    • SSDEEP

      24576:kVaxuUAhnELHfP0Q1S6xAWpZX1XaJruEIT8fKuQ:8xaP0r6ppZoEEI4fKl

    Score
    7/10
    • Loads dropped DLL

    • Target

      hookah.exe

    • Size

      1.3MB

    • MD5

      2486632d0b7d3b3ee39fabeebecd260e

    • SHA1

      30329c9819f31fb0a4801190a87b63a5d6743bf2

    • SHA256

      64cba5bbb90c2ad81d9db115714c3f0a9c5e083a2554eb2ef0aee752fff05ae6

    • SHA512

      7544cfac631e8ca09d0687f6b9f704b25fbc9d2ab8170827ee899ce9c7332e06ee44900e0b141a97236124c802707de61cd664784490cf94a45672985cca7d50

    • SSDEEP

      24576:AHKa+YuQLuDEICljs6a+oN0NxoblUIgBkKAvrMOgQjaEefuCjfV7nUVGP:AHr2jDEBahNux7dBkKAvQxRnUV

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, a commercial Windows software protection system (packer); a Themida-protected executable is encrypted on disk, so static analysis of hookah.exe needs an unpacked or memory-dumped copy.

    • Drops file in System32 directory
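The digests above are the report's directly usable indicators. As an added example (not part of the sandbox report or its tooling), the script below transcribes them into a lookup table and sweeps a directory tree, computing MD5, SHA1, SHA256 and SHA512 in one pass per file and naming the report artifact each match corresponds to. Only the digests come from the report; the function names, the chunked one-pass hashing layout and the command-line handling are assumptions made here. The SSDEEP values are left out because fuzzy comparison needs the third-party ssdeep package rather than hashlib.

```python
#!/usr/bin/env python3
"""Sweep a directory tree for the file hashes listed in the report above.

Added example; not part of the sandbox report or its tooling. The digests
are copied from the report, everything else (function names, the one-pass
hashing layout, the CLI) is an assumption made here.
"""
import hashlib
import os
import sys
from typing import Dict, Iterable, Iterator, List, Tuple

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Indicators transcribed from the report: name, sandbox score and digests.
ARTIFACTS = [
    {
        "name": "submitted sample (2.0MB)",
        "score": "8/10",
        "md5": "e7875a4f19c7e54f0bacc326967a17d2",
        "sha1": "4a8572b385eae6a8f1eebd6b89c0b168126f65b7",
        "sha256": "77cd566108bdf69dbf6a2a52438a0dc20c3d66f2c2b5c4ad20556656e5593794",
        "sha512": "e6464944f969a29281051b75cd07f1f4d12d391854bc1d65160ce4081677c686"
                  "e2cac579437b33ee555c25e4162283f776b4beaf5115638cfdee60ab681995fa",
    },
    {
        "name": "POWERI~1.EXE (990KB, dropped)",
        "score": "7/10",
        "md5": "94f93d84800fe42007851bb20db86974",
        "sha1": "e2c943c5224ef7edbd82e60e5e7942eafcbe173f",
        "sha256": "8165328b5b69aad9408b81cc72eabbf2674a796e6e8af362d9aea180935aabdf",
        "sha512": "de5f39eb6d810cb6e766c8887685eacb643adca195e07c2f52d1127e49998c63"
                  "b3aa98a1fbe14dec3b1aa53c4823177a9bba6f3bded163132e79dcc1e6561b82",
    },
    {
        "name": "hookah.exe (1.3MB, dropped, Themida-packed)",
        "score": "8/10",
        "md5": "2486632d0b7d3b3ee39fabeebecd260e",
        "sha1": "30329c9819f31fb0a4801190a87b63a5d6743bf2",
        "sha256": "64cba5bbb90c2ad81d9db115714c3f0a9c5e083a2554eb2ef0aee752fff05ae6",
        "sha512": "7544cfac631e8ca09d0687f6b9f704b25fbc9d2ab8170827ee899ce9c7332e06"
                  "ee44900e0b141a97236124c802707de61cd664784490cf94a45672985cca7d50",
    },
]


def build_index(artifacts=ARTIFACTS) -> Dict[str, Tuple[str, str]]:
    """Map every known digest (lowercase hex) to (artifact name, algorithm)."""
    index: Dict[str, Tuple[str, str]] = {}
    for art in artifacts:
        for algo in ALGOS:
            index[art[algo].lower()] = (art["name"], algo)
    return index


def digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed each chunk to all four hashers so the data is read only once."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def file_digests(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks; works for files far larger than memory."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""))


def match_file(path: str, index: Dict[str, Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return [(algorithm, artifact name)] for every digest of path present in index."""
    hits = []
    for algo, digest in file_digests(path).items():
        if digest in index:
            hits.append((algo, index[digest][0]))
    return hits


def sweep(root: str, index: Dict[str, Tuple[str, str]]) -> Iterator[Tuple[str, List[Tuple[str, str]]]]:
    """Walk root and yield (path, hits) for every regular file that matches an indicator."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip sockets, devices, dangling links
                continue
            try:
                hits = match_file(path, index)
            except OSError:
                continue  # unreadable or vanished mid-sweep; keep going
            if hits:
                yield path, hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    index = build_index()
    found = 0
    for path, hits in sweep(root, index):
        found += 1
        for algo, name in hits:
            print(f"{path}: {algo} matches {name}")
    print(f"{found} matching file(s) under {root}")
```

Run it as `python3 sweep.py /path/to/suspect/tree`. A hit on any one algorithm is enough to report the file; matching on all four at once is only a sanity check against a transcription error in the table, since an attacker who can produce an MD5 collision still cannot produce a matching SHA256 for the same bytes.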
