609cccd44a03bfd93cef765de354cdb2d3b847d90bc4dca0116ace0b1cfb1bc7

Sharing

Copy URL

Twitter E-mail

General

Target

609cccd44a03bfd93cef765de354cdb2d3b847d90bc4dca0116ace0b1cfb1bc7
Size

3.3MB
Sample

240319-vgw3vaha73
MD5

5e342c43713463b48e1fe4584b30a9a3
SHA1

5f71db54c3150dc9b5c3ec325f9e1eea535823ac
SHA256

609cccd44a03bfd93cef765de354cdb2d3b847d90bc4dca0116ace0b1cfb1bc7
SHA512

745d6ca873a0c7313957236cde8d1a317bfbc95b4f0cec2a05f7aaa14c241fc774d76c9cab6ad2cf8ab87630e8d5e8b95b94a67d63c557263198f9b5d56ed22e
SSDEEP

98304:blu5/ub+BWELE+WqrkxRmlgcGzxbhKpsTS0VFoyTd:bANub+PLEBulFGJhKeOgoyTd

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  HRSword x64/HRSword.exe
- Size
  
  1.9MB
- MD5
  
  d1acb16ced923edce691f724ff61af8f
- SHA1
  
  29664e965080f2452f3cf696cd91c2d6d4c6ba1c
- SHA256
  
  d3c59e3de4da8d5bf52ba3a35f518d0b22e46810472e99070ebc6041f63487f1
- SHA512
  
  1577f4ace1965c550e91e011691f9cd6976a59f7af28248a4006014182903897088e343d54b02c52d1e444fc4e4e811b74ca57a74ca46d4614e00f9ed9dfef15
- SSDEEP
  
  49152:z9K04YG230AyVeSWZ4f/s6CWsefdQsAzjlFgO3bVgYYrF9mCPq8Xwg/bfESVVQ+9:D47230fVew/s6CWsefWsAzjlFgO3buYy
Score

1^/10
behavioral1 behavioral2
- Target
  
  HRSword x64/daemon.dll
- Size
  
  411KB
- MD5
  
  0a5953205c4d824cca92870707e568e9
- SHA1
  
  109afdffb6e4f6ebd5549ae36ffc4c91ab1429a8
- SHA256
  
  ac9eda0ff6dbe0d5868afa0a14dcb9a10379eb042f5b09749c4dcfb36c4dc0ba
- SHA512
  
  47f2c7532b5c4f5aa25c28da7bef32bff031e655ea75dfc6555b2c4585704cdcf1d3db29f543d8437906cfea722af0ee56767f27dd213d230da95997f2f1d051
- SSDEEP
  
  12288:C4jNg/cV4lMXjcRszkOAnKu3/kPCd3WnmlVnmSiRlTMve5n3sFoWQA:C4jNg/cVWMXIyoOKWnmlVnmSulTMhFoI
Score

3^/10
behavioral3 behavioral4
- Target
  
  HRSword x64/hrwfpdrv.sys
- Size
  
  115KB
- MD5
  
  b6a03005f3db38c70c7a1008191d52c8
- SHA1
  
  51e3ce4a400af9fa92e293806c42c79e7f3061fa
- SHA256
  
  7d30dca4c9bf92fa6859ba33f53cc0a3f6d73cf0fe884cbb187935144d7fb41f
- SHA512
  
  c7c161cc5f73e45df110bf4a6368a0fdfc0571bd6dcd049e8ca09df18932fc0bd61e42f3eb83b539fe815c742228ee48a961e21e309df326861a055ce7aee281
- SSDEEP
  
  3072:9gsZ8BZkordRHnmvWEIM+PJio+TTcbkPFEflU:9gsZ05onno+XmGq6
Score

1^/10
behavioral5 behavioral6
- Target
  
  HRSword x64/libcodecs.dll
- Size
  
  1.8MB
- MD5
  
  d26d00c7b3783d265ee335c861d9d64f
- SHA1
  
  a07eb34a9e1f0c5152bd55888ed6e52ab48cf312
- SHA256
  
  29d1949704de77f97c2d2bc5e1b683fef0f2cc6c2b0ee7fe0b281f916c2052c6
- SHA512
  
  7269f1bee27ae896afe64e0f389956aa582dee90b4068c2edbf73c9fb4e219adf6450a50084c2386e9d661c0d8ecd691c196c2e50fb6a79cb65507c03c7a0107
- SSDEEP
  
  49152:f323SX+j0ZSq7Bg8kKeNrIZCj/XfFtsaLMXhi:fJ+wZSKBglKeNrIZC4aLN
Score

1^/10
behavioral7 behavioral8
- Target
  
  HRSword x64/libxsse.dll
- Size
  
  1.0MB
- MD5
  
  68315dfc2c6f9a291229ac5225898e20
- SHA1
  
  3841253325002059a4aec2b5435bd550186ca34e
- SHA256
  
  f12d743215cf226e3a949bdf10e0662ca67b3443087d588e75d42ab6438efc98
- SHA512
  
  4d63e4255ca81c38b71abc035116a8bd4588120c5d897c4a95e6140c0adecb44f2e046191c0a36a32e4984ed5a5cfd2a7db1097b0da14e9dc5baaf1f7441ab7d
- SSDEEP
  
  24576:3Qc26gmqmkzOjltKLmYVnfQ97rYanPsFv8J7ujTVEFin:+2kijlIcRnPKo7GTVEFin
Score

1^/10
behavioral10 behavioral9
- Target
  
  HRSword x64/selfprot.dll
- Size
  
  83KB
- MD5
  
  6d03e280a1a8357ce5faedf9f638a7ff
- SHA1
  
  01bc5b8b7259fa0165144c01a4ffc017c5f15679
- SHA256
  
  01c9d2d83b6e1ef9246f24ff171fa4b2c36217cb8f55c4859c62de1fefbc7c06
- SHA512
  
  a63191c015f3aafa5dd37c3997e39265cbf171566280f5cb9f341c30ba0ad08a61e96d97eb4f9cd541daad30e8a71582a6aa4d5057e7fbc0d56d41a398d1b55d
- SSDEEP
  
  1536:b36Fn3QFTmMddn/SV2r9GNFDIQ47DAsWScdS2SS30mvYDr7wA/9AoQ+8iAW:b36W3agW21+SNS38fwzDW
Score

1^/10
behavioral11 behavioral12
- Target
  
  HRSword x64/sysdiag.sys
- Size
  
  382KB
- MD5
  
  2a0fb63e03560318a8260ef2fbda512a
- SHA1
  
  590a92122f5d8e58f9a20de8f69b314a1ebc87e6
- SHA256
  
  4959ff5b88fde21f41dcb97f08e8304a0d5d65d1ef0e07729d4c975b88fbc769
- SHA512
  
  84d37c8b035caf3935e2d19b96e79ddb3de3bfb285357c3188e8bea19b4aa5012c4602c7298411eb6cecf1db55a86b692f0f57c8d74d7a2830b5eb597270bd3d
- SSDEEP
  
  6144:ub2eQgY3cPWsMmpwOW3qwqfzEfzeEHCM8+CmCszvpLI3lBrXt:uvJYWgmp1Q6Ei3mCszeB5
Score

1^/10
behavioral13 behavioral14
- Target
  
  HRSword x64/uactmon.dll
- Size
  
  381KB
- MD5
  
  91753ecb7a58e18e6b9efe7f21dafac9
- SHA1
  
  86f74f9355d3e35fa7fdaa023d2151a7d885fd5a
- SHA256
  
  2c3adb060107024c1caef9f4e983ad589bf7246acc5b94ead2f2956ef0662461
- SHA512
  
  32e7c2b000ba593e643e254657448d5ab97ff81f455a842dea9b2e7422f418b7a0ee1089d018049c100c3c87d96894f28a0269fde6354cf1c63710d9c418db81
- SSDEEP
  
  6144:Q9TlrggXheT8zcZyXgfrR7/VOiOm8Pquk+8zcoFGBPr3sQ4:4TlB8T8zSy0rRnOJPUDfFsPr3l4
Score

1^/10
behavioral15 behavioral16
- Target
  
  HRSword x64/usysdiag.dll
- Size
  
  538KB
- MD5
  
  4adbb6a238ae5c154a8a14c01bd49104
- SHA1
  
  63aa1c8255ef6ab21c9b3d74b6eb14dddb662d35
- SHA256
  
  53d2cce1f2ab57a3b59ea2559015adeeecd00f80b6103a6ed0fccb19bbdfab77
- SHA512
  
  7f02a85ff3be10ad6b24f5105cb08e8b98f25f1fcd30f1148f792f0ea4cd40eb9e29ed8cb2424b43be09cf5f9e51d71a913f25969d69886a41128d18997582a3
- SSDEEP
  
  12288:5mjNXQNJdULEfwS5i+hQ9pCzTwKhdmnm28yadCKFW:cCqLQ5hxsnm2CdHFW
Score

1^/10
behavioral17 behavioral18
- Target
  
  HRSword x64/usysdiag.exe
- Size
  
  466KB
- MD5
  
  87d25745697fb5c8d67593052b4a7018
- SHA1
  
  f87b4e8d0c24eeea8c2f04007e707d81604329a5
- SHA256
  
  825a0af37c32aa4bbdb9addb7460adf2982b30f30054d164da8cd6860c0e77e5
- SHA512
  
  7b45c7e7d5f29efd2c3715bd3159684b28af025232e66b7e6efa714ec8e2cd800c08f26062fa739cf910561009e5f835892c538dadb39957ae97cebfe067759e
- SSDEEP
  
  12288:l1jHBYrZzfqbm8ACkONXIdtO7GMctLF/YzZFc:nBYrZzybWONXIdtO7GDtLxYzZFc
Score

1^/10
behavioral19 behavioral20
- Target
  
  HRSword x64/ע.bat
- Size
  
  1KB
- MD5
  
  aa0c805a6f8ddfd2c5d916302f8d1ef9
- SHA1
  
  4960aa9138d01c5f5951093559598462205c8735
- SHA256
  
  4c40774339bfb89bb1b6018f46980e6846932aa20ffd359643aad7e4d4ff6ed6
- SHA512
  
  a2dcf57d9918832123410331968eb5ab49da44c27743c5ea4735d865025f9814fb30ae28805ddb4e2cee4053edd8e08baf419fd6360e7740dd86c1d31613de80
Score

8^/10

persistence
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Creates new service(s)

Drops file in Drivers directory

Sets service image path in registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22