616b344e52682b0a2c061d55edc1aa3c57fd35fd6d72d773ed46d893981a3826 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

HaruHost.exe

windows7-x64

6

HaruHost.exe

windows10-2004-x64

8

Sharing

General

Target

HaruHost.zip
Size

11.7MB
Sample

240308-nj8q4adg75
MD5

3054b296b570f47c69f0745bb6be391e
SHA1

6fb571ef72378f068bb90f144f9093e1a9536669
SHA256

616b344e52682b0a2c061d55edc1aa3c57fd35fd6d72d773ed46d893981a3826
SHA512

510bae9e3870ebc9725e07fab86c778a18c44f5a09891093fa872f8362b5e955473fd3dba383860b7ce2912ff19f6abddd33ce97936313ee28719038ef062467
SSDEEP

196608:UZtJDc2YMS23oVY0Zxc9BphV11y3kC7J7OPo5nbk/smVyOApxV2lxhdRv2ddbzvW:GDc2c+oWcwphzc3kEJqPYnAsmPApj2Tp

Score

8^/10

discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

HaruHost.exe

Resource

win7-20240215-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

HaruHost.exe

Resource

win10v2004-20240226-en

discovery evasion persistence trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  HaruHost.exe
- Size
  
  29.1MB
- MD5
  
  e2c58ae2a0b8f22aa176e2e492c57784
- SHA1
  
  eda117740cb4df5dfe5114b3d13257261e4886bc
- SHA256
  
  f762a2cf752440ddae41f7e6b196394fbd9627be565db1a9c73d311281468fd1
- SHA512
  
  3a124d0cdfd95729fc49efba37fa019e833979b8ed8b73369bcdaa40c6476d9bba5e53b8bab82f7bdfce6408f7673008759a2bd526581b3c355da0023dafb67d
- SSDEEP
  
  196608:pkTOppiGuX4jxHgfJ5rWmGlXnY0t5qTEVwDHRdj7Fk9bm:pk6jiGuodqoXYCqTEyDHRdj7FG
Score

8^/10

discovery evasion persistence trojan
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy