5e238c36ae5f8a8ab9aa5e6fa3c568967d61953393384c7c8fd6370f8bc86b85 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

openhardwaremonitor-v0.9.6.zip
Size

491KB
Sample

240225-hqyltaed25
MD5

6f649c4615a01a4911283f2fecc00211
SHA1

be8214de9ebe3b9dc7470f3f10321aa2043f20f0
SHA256

5e238c36ae5f8a8ab9aa5e6fa3c568967d61953393384c7c8fd6370f8bc86b85
SHA512

fc8d9148e7f56a37ac5dace9bdf08749466b605407b17a94b83cabfa3a67b4a82cf2b5e129693512c36541d15e0b3e8cd8142d8188df70f8c3bf815daa0feee0
SSDEEP

12288:X1lKssKgSWgd+8RzGs4VcyB/kMNikz6FXSTjKTe9IAaV:X1Qssi+8R54vhtNf+FpxAq

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  openhardwaremonitor-v0.9.6.zip
- Size
  
  491KB
- MD5
  
  6f649c4615a01a4911283f2fecc00211
- SHA1
  
  be8214de9ebe3b9dc7470f3f10321aa2043f20f0
- SHA256
  
  5e238c36ae5f8a8ab9aa5e6fa3c568967d61953393384c7c8fd6370f8bc86b85
- SHA512
  
  fc8d9148e7f56a37ac5dace9bdf08749466b605407b17a94b83cabfa3a67b4a82cf2b5e129693512c36541d15e0b3e8cd8142d8188df70f8c3bf815daa0feee0
- SSDEEP
  
  12288:X1lKssKgSWgd+8RzGs4VcyB/kMNikz6FXSTjKTe9IAaV:X1Qssi+8R54vhtNf+FpxAq
Score

4^/10
behavioral1
- Target
  
  OpenHardwareMonitor/Aga.Controls.dll
- Size
  
  142KB
- MD5
  
  f17be368ade3f7cfbb6aa9dd734ce328
- SHA1
  
  ff123eb412975eefa4681f35a6c1caaee3180bd2
- SHA256
  
  830e520caf3e89dccaa3c12e3bfc992221c164f2319a2ba57e402499c24290e3
- SHA512
  
  4c9a91b5a1d86d49036e66ad9adfba6cecfdc76c4b025c0b5a120293a18c867d42b728d59208333e0e4272cdb91d86bff4025d4915e2883ea62260abdc8080bb
- SSDEEP
  
  1536:GYmlkg0y3iUXMjL1cbQVVkRnnD+Bf3TZvX+gA3v1Pbsw0C5BDdL3dSyGZ4s8pnqo:GtocbnU3TVO3v1TeC7dLdDsMqo
Score

4^/10
behavioral2
- Target
  
  OpenHardwareMonitor/License.html
- Size
  
  27KB
- MD5
  
  56e35fd2e011977c42260637515e7e6a
- SHA1
  
  1285f30ff9048f56e0bf0cb57c81f561bdc8520f
- SHA256
  
  b14e66270c828c445662328127f68042a1d6b17e7382e150e542a2045b1a9075
- SHA512
  
  a9e4886710311960367318e4b731f4401e7540b9485f38fd9a0d9abc91e154f06b2a33c7ae125aaa4272c893193cb452c75abb80d6faf6f776a85ac84d02a0d1
- SSDEEP
  
  768:pr/DB7dhGuEGjR9xCzYO2J4Sv85ZzAVgsq2sUh6pLkbXfrEAbzOU:ps+Ots5sDpLYXfrEA2U
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral3
- Target
  
  OpenHardwareMonitor/OpenHardwareMonitor.exe
- Size
  
  482KB
- MD5
  
  a261f824ab957a5331af53c7722fa2de
- SHA1
  
  65fe3a6c45fdfa7c92f72a276ad3cd0de723865d
- SHA256
  
  ec767a74c5659a05bdb7ac10bd42c2ea6d44fa946286029b2866aed476ad83bc
- SHA512
  
  beb9badfc473911b26f8929b13e36fb625eac7cbfd30a7ad0dc3435e6cf3e6a97cc4cb9cb2fd913898bb509b507cac3795b59a28c882c6dec4e948d433857d71
- SSDEEP
  
  6144:yVFazTEmgydFPKLuqMgLHqHrHFHwHaC1UTvC38kAieWb2r:cazT7zPKL2AyvC3Rpi
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral4
- Target
  
  OpenHardwareMonitor/OpenHardwareMonitorLib.dll
- Size
  
  304KB
- MD5
  
  84f1d429196cc4e89d22b2652e65f669
- SHA1
  
  1872656aafd1e4e3977edee368b05e110a0ead39
- SHA256
  
  ef02b0991aac678052bb79dfdfd5bfa0b42b1f34b209e35819ba606909655f58
- SHA512
  
  22e5c3137ca24415946bb3c827a97faef3038db79a21c87d05c195f0debb8727ade37cb4e133779a8e68bc517337962c73d03580a3d9a9ea7a1fddffb671c519
- SSDEEP
  
  6144:d9zMSmePubTkkz/iH/2b2vdQh/eHpuCsnca9KQTDBHj:d9oSV8TkH6Cst5
Score

1^/10
behavioral5
- Target
  
  OpenHardwareMonitor/OxyPlot.WindowsForms.dll
- Size
  
  21KB
- MD5
  
  689121ca3540a36b3829fd887635756f
- SHA1
  
  7de120ff9936971cb4268fcbc9c7a8ab20a2dba2
- SHA256
  
  c92cfe4026ef2319c84aab392f274ebdeb135db85123ff0e44edf4a99b05c7d0
- SHA512
  
  62a9eda0a818197c0b572cb355ddd5abbecd997ac823df4d0ee0771ff41d7e13b63d05e666a6b608bc42baead96e09ce6f3d46bc6aae441abcf8f413dacdbf64
- SSDEEP
  
  384:dtORGbrJUUrUuMPwrnSV2tJ+c8hCtJHH/LiiaZ4N6:dtdbFUU4RwXcOHH+ie
Score

1^/10
behavioral6
- Target
  
  OpenHardwareMonitor/OxyPlot.dll
- Size
  
  298KB
- MD5
  
  f07e485ab092d993a4b2bfbabf6b1d75
- SHA1
  
  aedb62183d5c3e7e034f025c58e6ed6205158690
- SHA256
  
  d3a00f3b9fbf82c4ee9fcf495a0fcc80f9f26711b4bb4fe15e0b769d47488b50
- SHA512
  
  b9bbf05ea00ba7da644ab8b288a37828ee7fba64afd64e7bcdc43326d935f70e9168e555dcb9acd87e4ed7d1c80becd75a159b81dd50cb8f001d2e55f61c8958
- SSDEEP
  
  6144:MInDiKZj1/YQiDdfNYIsmZRkeWYM3sH+tOtx:MInDgfWb
Score

1^/10
behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bootkitpersistence

behavioral4

bootkitpersistence

behavioral5

behavioral6

behavioral7