General
-
Target
hacn.exe
-
Size
12.3MB
-
Sample
240419-wvbvhabf45
-
MD5
0b6cd2cf55fadd40218d09b5617022f3
-
SHA1
f33ce545bf7d07c84755cea6151b44ca17889a70
-
SHA256
edc2569ca00fba2e64ff7727b64b3cdf7182f9a37226f190aeb57a755f225ede
-
SHA512
d45ee80d7d17c62257a117de22b647317a728ac716d3193af539944e985055735ce5a6444f08f49a15a0dd397d1557e830129b810b703dc508d3a7ed9a7e6d96
-
SSDEEP
196608:ehHHDfyGowBdnpkYRMZuYcISpZUUvExfiYvq7IsBfW023p0R6iM9j:2DfDoc64YcIyZU0E9dufW0ayRI9
Behavioral task
behavioral1
Sample
hacn.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
hacn.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
main.pyc
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
main.pyc
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
hacn.exe
-
Size
12.3MB
-
MD5
0b6cd2cf55fadd40218d09b5617022f3
-
SHA1
f33ce545bf7d07c84755cea6151b44ca17889a70
-
SHA256
edc2569ca00fba2e64ff7727b64b3cdf7182f9a37226f190aeb57a755f225ede
-
SHA512
d45ee80d7d17c62257a117de22b647317a728ac716d3193af539944e985055735ce5a6444f08f49a15a0dd397d1557e830129b810b703dc508d3a7ed9a7e6d96
-
SSDEEP
196608:ehHHDfyGowBdnpkYRMZuYcISpZUUvExfiYvq7IsBfW023p0R6iM9j:2DfDoc64YcIyZU0E9dufW0ayRI9
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
main.pyc
-
Size
433B
-
MD5
312dc04abe8390eccc040ae951b7af5f
-
SHA1
6e47cc6d90ab6b101b1c042c6bb317c3e86ca0df
-
SHA256
304fb7638320868400d88a6834fc74fbe88aaca985197c1c8527a9a1ce5f24db
-
SHA512
b91a818687a3a55f4d6ea6f81ed779b7a9429a05f2a70f93f113c0742a2abae32e31eef2d0d62aa25a011c3b66005e4e696e0516aef140a2951fd13c51037dc2
Score3/10 -