Analysis
- Max time kernel: 167s
- Max time network: 175s
- Platform: windows10-2004_x64
- Resource: win10v2004-20231215-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 21-12-2023 21:53
Behavioral task: behavioral1
- Sample: 08c751edec7a3ae530ac34bd90e31445.exe
- Resource: win7-20231215-en
General
- Target: 08c751edec7a3ae530ac34bd90e31445.exe
- Size: 32KB
- MD5: 08c751edec7a3ae530ac34bd90e31445
- SHA1: 13dace12ba3b0c2733fd9a5c041e469627b4cffc
- SHA256: d7d2a183cb22b8327d1a46c2c5d13f45a488234fd51fa4b355b6b53144495db8
- SHA512: 44e5d2f1bf28ce7fb21dff8ce92e34e34c74c7edb4ba8e6c809c2fe1d5134c97ecc84291367ce496dd4047d78a26bb70007c3be4b61a1b24ce966807d46bfd67
- SSDEEP: 768:uZ+k6/WHzIyee1F0dPiXpwJo8eyhoJD3u3L3GG9:kG4zIyeGuIGC8eyhoB+b
Malware Config
- Extracted family: systembc
- Extracted address: 80.85.84.79:4001
Signatures
- Executes dropped EXE (1 IoC)
  Processes (pid, process): 3920 mhop.exe
- Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Processes (flow, ioc): 56 api.ipify.org; 57 api.ipify.org
- Uses Tor communications (1 TTP)
  Malware can proxy its traffic through Tor for more anonymity.
- Drops file in Windows directory (2 IoCs)
  Processes (description, ioc, process):
  File created: C:\Windows\Tasks\mhop.job by 08c751edec7a3ae530ac34bd90e31445.exe
  File opened for modification: C:\Windows\Tasks\mhop.job by 08c751edec7a3ae530ac34bd90e31445.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid, process): 4536 08c751edec7a3ae530ac34bd90e31445.exe; 4536 08c751edec7a3ae530ac34bd90e31445.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\08c751edec7a3ae530ac34bd90e31445.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\08c751edec7a3ae530ac34bd90e31445.exe"
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID: 4536
- C:\ProgramData\cudoa\mhop.exe
  Command line: C:\ProgramData\cudoa\mhop.exe start
  - Executes dropped EXE
  PID: 3920
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 32KB
  MD5: 08c751edec7a3ae530ac34bd90e31445
  SHA1: 13dace12ba3b0c2733fd9a5c041e469627b4cffc
  SHA256: d7d2a183cb22b8327d1a46c2c5d13f45a488234fd51fa4b355b6b53144495db8
  SHA512: 44e5d2f1bf28ce7fb21dff8ce92e34e34c74c7edb4ba8e6c809c2fe1d5134c97ecc84291367ce496dd4047d78a26bb70007c3be4b61a1b24ce966807d46bfd67