211f78ffe209ea717d8f340e572455843eed0f1b371cfeaa679c3450089b01d5 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

mhddos_pro...86.exe

windows7-x64

8

mhddos_pro...86.exe

windows10-2004-x64

7

Sharing

General

Target

mhddos_proxy_win_x86.exe
Size

11.6MB
Sample

240501-pplzysgh87
MD5

7acc0a72c8efcb5dca126c01fb9510eb
SHA1

968507d1b6a7a69571b3cbc5cdc080f3be06f071
SHA256

211f78ffe209ea717d8f340e572455843eed0f1b371cfeaa679c3450089b01d5
SHA512

9a525460c3e5f58b3b5a1cd4ed52e8164892d11db5b38813897f40ce2aaac5d708bf16234123c1ea195f47f532694adee583b6a8eab69803eb9db1c81033d685
SSDEEP

196608:SXTwwzQiMOERyOZAgyc2Xqp2IxdBtarTBWPI2rvs8Yn6xw65IoPP:SXTwxlty0As2XiNAiIccn8w0xP

Score

8^/10

discovery pyinstaller

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

mhddos_proxy_win_x86.exe

Resource

win7-20240215-en

discovery pyinstaller

windows7-x64

17 signatures

1800 seconds

Behavioral task

behavioral2

Sample

mhddos_proxy_win_x86.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

3 signatures

1800 seconds

Malware Config

Targets

- Target
  
  mhddos_proxy_win_x86.exe
- Size
  
  11.6MB
- MD5
  
  7acc0a72c8efcb5dca126c01fb9510eb
- SHA1
  
  968507d1b6a7a69571b3cbc5cdc080f3be06f071
- SHA256
  
  211f78ffe209ea717d8f340e572455843eed0f1b371cfeaa679c3450089b01d5
- SHA512
  
  9a525460c3e5f58b3b5a1cd4ed52e8164892d11db5b38813897f40ce2aaac5d708bf16234123c1ea195f47f532694adee583b6a8eab69803eb9db1c81033d685
- SSDEEP
  
  196608:SXTwwzQiMOERyOZAgyc2Xqp2IxdBtarTBWPI2rvs8Yn6xw65IoPP:SXTwxlty0As2XiNAiIccn8w0xP
Score

8^/10

discovery pyinstaller
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypyinstaller

behavioral2

© 2018-2024

Terms | Privacy