Overview

overview

8

Static

static

1

8a861dc6c8...47.exe

windows7-x64

8

8a861dc6c8...47.exe

windows10-2004-x64

8

Hingstplag...ne.ps1

windows7-x64

8

Hingstplag...ne.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a861dc6c86df23a36ef912e89ce3d5ae4e8b8178df3d74b4a58d9f9706d5047.exe

  • Size

    649KB

  • Sample

    240511-b14ggsgf24

  • MD5

    e6766a6f6aa24df00329fd135baee026

  • SHA1

    9ebc9a61310473c70140a38be14cbe0debac1354

  • SHA256

    8a861dc6c86df23a36ef912e89ce3d5ae4e8b8178df3d74b4a58d9f9706d5047

  • SHA512

    d458043be4e624d2d268d222ae4422e3137f85cff98745862b1b6c820e37138fcacdfc22f1fe3a3c6841d79390dc07e7a6fc8a062014cbca6df11f06a6514813

  • SSDEEP

    12288:Eky/iqUIzivShD4AxYafSPiuGPQlXZyFaT6Rqot+xpEEUy96WPq6Ow6yv7C:8/iqUYivShDdYafuPXE2otKjVNPHqAC

Score
8/10
executionpersistence

Malware Config

Targets

    • Target

      8a861dc6c86df23a36ef912e89ce3d5ae4e8b8178df3d74b4a58d9f9706d5047.exe

    • Size

      649KB

    • MD5

      e6766a6f6aa24df00329fd135baee026

    • SHA1

      9ebc9a61310473c70140a38be14cbe0debac1354

    • SHA256

      8a861dc6c86df23a36ef912e89ce3d5ae4e8b8178df3d74b4a58d9f9706d5047

    • SHA512

      d458043be4e624d2d268d222ae4422e3137f85cff98745862b1b6c820e37138fcacdfc22f1fe3a3c6841d79390dc07e7a6fc8a062014cbca6df11f06a6514813

    • SSDEEP

      12288:Eky/iqUIzivShD4AxYafSPiuGPQlXZyFaT6Rqot+xpEEUy96WPq6Ow6yv7C:8/iqUYivShDdYafuPXE2otKjVNPHqAC

    Score
    8/10
    execution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Hingstplag/Derogatory/Obstinative/Stinkdyrene/Usikkerhedsmomenterne.Sup

    • Size

      58KB

    • MD5

      f75f469413f7ee4a1aa5684598b21dc2

    • SHA1

      9ced6780f56759a64019fb90f02323382b7d37b8

    • SHA256

      995bc94d2131edcae86c7d3f939a54a0f75f48eceee27633a43a502f4c3d4c21

    • SHA512

      19a0745c7ce6a2294fcf9de80996dc7e2898401f69f88d7f1373d718655bcfbb0fec04585dddce0971d5a3acf339ed9e64a3d9783d221dbaec5ac3347b42b568

    • SSDEEP

      1536:Yl/yZLz7GcmZf1ae0zqow0gP/o7GTKmnH:Yl/Ozqcmd9/w7GzH

    Score
    8/10
    executionpersistence

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks