General

  • Target

    Tyvstarterne.exe

  • Size

    436KB

  • Sample

    240501-rs412sha6y

  • MD5

    cab110d55fbabf1ce703cde3030b62a1

  • SHA1

    25c43773812ad6f4123d9c470b994098a9c0548f

  • SHA256

    49760c50b74756c8856e7dbf4670b93efe7af05ba82e1c85e69047aa55f72ad9

  • SHA512

    34ee297e52dc3afd04f9e24aba6071b54fe538340be65c9b3e4fa17bd5fe9adebff0b0656661f28139c0e047757b2da5c5acf144d583d8bd7e1d4d95533c64fe

  • SSDEEP

    6144:7pkXGh6tHk47We3uM/PZPRPgiIToQIt/oAT91317Aqr/ZUJhZNrV:2ZHkkWeh/PZJYjT+pT91RAiSJxr

Score
7/10

Malware Config

Targets

    • Target

      Tyvstarterne.exe

    • Size

      436KB

    • MD5

      cab110d55fbabf1ce703cde3030b62a1

    • SHA1

      25c43773812ad6f4123d9c470b994098a9c0548f

    • SHA256

      49760c50b74756c8856e7dbf4670b93efe7af05ba82e1c85e69047aa55f72ad9

    • SHA512

      34ee297e52dc3afd04f9e24aba6071b54fe538340be65c9b3e4fa17bd5fe9adebff0b0656661f28139c0e047757b2da5c5acf144d583d8bd7e1d4d95533c64fe

    • SSDEEP

      6144:7pkXGh6tHk47We3uM/PZPRPgiIToQIt/oAT91317Aqr/ZUJhZNrV:2ZHkkWeh/PZJYjT+pT91RAiSJxr

    Score
    7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fc3772787eb239ef4d0399680dcc4343

    • SHA1

      db2fa99ec967178cd8057a14a428a8439a961a73

    • SHA256

      9b93c61c9d63ef8ec80892cc0e4a0877966dca9b0c3eb85555cebd2ddf4d6eed

    • SHA512

      79e491ca4591a5da70116114b7fbb66ee15a0532386035e980c9dfe7afb59b1f9d9c758891e25bfb45c36b07afd3e171bac37a86c887387ef0e80b1eaf296c89

    • SSDEEP

      192:eS24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OloSl:S8QIl975eXqlWBrz7YLOlo

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks