General

  • Target

    3507788e93b0a17601bdcb5be7e9409846e3e65a1260ea011aa7e67ee6d8d690.exe

  • Size

    689KB

  • Sample

    240307-cnvt9aeb91

  • MD5

    e1a4cfd3357d6e4dd940d53ae63f0571

  • SHA1

    7a2854f5bac1ef6acde9951d2cd5a1fa8e5b19e2

  • SHA256

    3507788e93b0a17601bdcb5be7e9409846e3e65a1260ea011aa7e67ee6d8d690

  • SHA512

    2737dfc11cfcbf5f66585f86bee8a9d7db8fda63c6934db97f4694d7102a5c76211c27050ffd50d4aa7cb7d3c7b3c7438e46b888f6f4a7d3982ee1970721fb32

  • SSDEEP

    12288:tGnhe2edwm/bbuwc3Wkyyn3p9JOKMCCmKmLfWLx35hXGbqvrd9qK2DX3q:SheXwmDKrByKt0zhRvr3qH76

Score
8/10

Malware Config

Targets

    • Target

      3507788e93b0a17601bdcb5be7e9409846e3e65a1260ea011aa7e67ee6d8d690.exe

    • Size

      689KB

    • MD5

      e1a4cfd3357d6e4dd940d53ae63f0571

    • SHA1

      7a2854f5bac1ef6acde9951d2cd5a1fa8e5b19e2

    • SHA256

      3507788e93b0a17601bdcb5be7e9409846e3e65a1260ea011aa7e67ee6d8d690

    • SHA512

      2737dfc11cfcbf5f66585f86bee8a9d7db8fda63c6934db97f4694d7102a5c76211c27050ffd50d4aa7cb7d3c7b3c7438e46b888f6f4a7d3982ee1970721fb32

    • SSDEEP

      12288:tGnhe2edwm/bbuwc3Wkyyn3p9JOKMCCmKmLfWLx35hXGbqvrd9qK2DX3q:SheXwmDKrByKt0zhRvr3qH76

    Score
    7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Dummerhoved.Bag

    • Size

      52KB

    • MD5

      848d9a48e5bf989314d32ead6bc68aa4

    • SHA1

      7f6e9f2c5f0821824a63723a2f5167ece75146ee

    • SHA256

      838dc562a380cd297af7e722ad03eea0c9878694d8bf7e0d79e2504efad5a96f

    • SHA512

      51cdc48f7d212a60fd75954ee34a5f28523de34261556ee0350e9febf479a62dad7b551cc900e5c3b5e7a99d825e0622fd64c3c5b217888e4fa06630804b6365

    • SSDEEP

      768:iFJSRjvXxE/jTrpVVyT6woOsxiP6bgOmkMb/d9dzwmBJQc6SUB5bBLhtM6H3xUjC:iL+27TrpVMT6NfbgOmbb/d93QXSCYbfM

    Score
    8/10

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks