General
-
Target
mhddos_proxy_win.exe
-
Size
13.0MB
-
Sample
240111-p3gmdsgbfk
-
MD5
ba6e6808e26d80f69889b5c6b0c588b0
-
SHA1
3563e5fd96ff457cffec36bb77a05ffc4a01a47c
-
SHA256
e0b37708bdad729d029e1992be9559e65e957b756185e7ed783369add1a6ea6c
-
SHA512
7a9ae799aba4e33a9ad6f7d58a23ced85999b482dfb557d2a4c9ed23e468a8b0cdb3c152f341f84abad3ef86d7697e8a443857a32b816790f15a3e4b1ed5c992
-
SSDEEP
393216:KQ2FuxTqgo1FeREWuCEDR1J83a10gjLwsyXsaCmbXpt7V:KQ2FuxTqvjeRiCEDRjEalLw6aCmLpt7V
Behavioral task
behavioral1
Sample
mhddos_proxy_win.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
mhddos_proxy_win.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
mhddos_proxy_win.exe
Score
7/10
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-