General

  • Target: 9c8e39d21afdf79241f6a99074b27730db5f3530b97a49069d4eb848766bf0a4
  • Size: 2.0MB
  • Sample: 240220-jdtmrsdc6s
  • MD5: cbc1ed8ef1c95eb694874de5e9a511f4
  • SHA1: 435c895b1d482e8f60b9b4b2e997daa7f6541789
  • SHA256: 9c8e39d21afdf79241f6a99074b27730db5f3530b97a49069d4eb848766bf0a4
  • SHA512: 8b38a04f9645681b7590ae80677b61fb8e3c7cbab0a0c25496cd84191f844c1b240f7918d3f28052af268f45b95b7a28046754936bb4a1f306924979bf88a9e8
  • SSDEEP: 49152:sgDU5GmeHwQREtaiRSiCjoAwKCKFBPQZ+eTrr6guJ/X:sgY5ncFREtf9CjwKXs5TqH/X

Targets

    • Target: EasyHiderData/Bin/boxstore.dll
    • Size: 1.2MB
    • MD5: 4eade486d28f267eccffcec9b2a9ca09
    • SHA1: 3d0f9d4f49c5d840b7d877caba2bcd93ecf1a2cf
    • SHA256: 6b37556e22d697565d6d990c18885b2db50e6370470d3e7f734d935955254156
    • SHA512: b39406ce0933c444f0a4efed956886ca099ecd40e9c753bd30a9a8854ebddd30f5aa6182baf7cda030ccfad4d633cd52482e9790ea19197e7817454e3ee00d13
    • SSDEEP: 24576:UoA77myjodiCMjSvMh86DUVnh1ajpTRJjvTPJZfXGg+cVf9fykhS:UoAzjodCp4tfYbvnXGg+cVfxlhS

    Score: 8/10
    • Blocklisted process makes network request
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target: EasyHiderData/Bin/easywrap.exe
    • Size: 1.1MB
    • MD5: 3d1069b977ebb2a5c607eb155d5bc63a
    • SHA1: 83753a4046b8c2ede8ed1af3cea2dc52c7877c40
    • SHA256: b5c04b7180fd973c51bddcecd40de28f35fd7ce04ff7586372c26c57c1167aea
    • SHA512: f3ae9c3acefb0acda33c420a1b07609be2362db3858c322120378869a08b85df5847f61d54dc6da06ac47c568caa2e57cff08862087ea38bdca48b0d86ccf0ec
    • SSDEEP: 12288:2iXlLZoCjyCcG6oSJLFvLnnewVX1+FLHo1OzKzKAAIBN7ycitx2O4Y:BXTXyCcG+hZnnew66OuuAAq7eB

    Score: 1/10
    • Target: EasyHiderData/Bin/shellmenu.dll
    • Size: 1.1MB
    • MD5: be400842d412cde5e3edf1bc129cfa4d
    • SHA1: 5f0e700cdbdf6bf30cf3950f27420a7e457358fe
    • SHA256: 706fe0f68143a3b138d20a6e1ed0732b7330fa12cca839297857f0676636f71c
    • SHA512: e4f4d17a42b8a909aab32592c234698c33e9b688c67c15dc31d9a80c1afc25a43cb7bcaf43fc81f19882cda088b2227372c17aade787d02e024c8f0aea1bf68c
    • SSDEEP: 24576:a9NbvBc8M5EwIm0ybgtN5bnLmogAUvlLm59:iPU/y7OoLUvlLm59

    Score: 6/10
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target: EasyHiderData/Bin/shellmenu_x64.dll
    • Size: 1.3MB
    • MD5: aeb9c35ad419fcb750830017c6a41890
    • SHA1: b47fdcb7a18a742ea087c441c965c7b6c7494aed
    • SHA256: 74b42e436b6404bfd9be62d0ee3a879cdf64158c7a45fcc14964fcbf6ab23766
    • SHA512: c2114b7e3995dbfe7eb7fe9a0f616b1c5d22608672d20569886f1c471e19608c83202376a3e521b0d03272eeae33ddb13420f269f18fd8dd274bf09c90f18254
    • SSDEEP: 24576:6M81Ac979ju+VNt+1Msh/x/4dSUW6PLmw:XpU5VVvO5x/4dSH6PLmw

    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
