General
-
Target
hacn.exe
-
Size
12.3MB
-
Sample
240301-sv1bbahd28
-
MD5
98ae932a21fee19c4b51ffa7abd4cec1
-
SHA1
e4db77c1248591ba12160223e028004ffd3366d3
-
SHA256
d0c18b8e222e3b9c09c05145bab139b63e010ba754f4ff688ee71ac69697a402
-
SHA512
5048d263e22a2a425cc2fe5dd5a5e83ae394a9051f0a440ab63a10191bbdbb8dd5c5a28aa76d93db09352b12424b8f1777aa8397a1de1acead0498688a9f4358
-
SSDEEP
393216:pDfDoc6GPqN4aMrNyAj/05dNhFx1MmWg:pb7Hqiaa4AjEVxGm
Behavioral task
behavioral1
Sample
hacn.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
hacn.exe
Resource
win11-20240221-en
Malware Config
Targets
-
-
Target
hacn.exe
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-