52af9190a47efe33841c5619beb09f9731ed764145ccc3ddc5f17eda1abb511b | Triage

Submit
Reports

Overview

overview

8

Static

static

3

hatt-windo...er.exe

windows7-x64

3

hatt-windo...er.exe

windows10-1703-x64

8

hatt-windo...er.exe

windows10-2004-x64

8

hatt-windo...er.exe

windows11-21h2-x64

8

Sharing

General

Target

hatt-windows-amd64-installer.exe
Size

9.7MB
Sample

240522-dejlasac3v
MD5

88eb2a71ea0e2234dd7a2985edecadce
SHA1

2d9fa6604e2c9166c7e8bf18bf316b059c4a7096
SHA256

52af9190a47efe33841c5619beb09f9731ed764145ccc3ddc5f17eda1abb511b
SHA512

01cd4207636c11b5b493ebb56cd2da853f571e6349673df6b1ee3439ba1f8712bce2666b8e0d06b592b0a209f343e5edc85f9fc21f04048256b349c9d2ae86ea
SSDEEP

196608:IB70yAyMGYJ3CDJUyAk7yr+pf89fVImke/J8W1owOy/o2rMNfq:ICOfJV5pfINl/J8W1oTF2mfq

Score

8^/10

discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

hatt-windows-amd64-installer.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

600 seconds

Behavioral task

behavioral2

Sample

hatt-windows-amd64-installer.exe

Resource

win10-20240404-en

discovery evasion persistence trojan

windows10-1703-x64

20 signatures

600 seconds

Behavioral task

behavioral3

Sample

hatt-windows-amd64-installer.exe

Resource

win10v2004-20240508-en

discovery persistence

windows10-2004-x64

15 signatures

600 seconds

Behavioral task

behavioral4

Sample

hatt-windows-amd64-installer.exe

Resource

win11-20240426-en

discovery evasion persistence trojan

windows11-21h2-x64

22 signatures

600 seconds

Malware Config

Targets

- Target
  
  hatt-windows-amd64-installer.exe
- Size
  
  9.7MB
- MD5
  
  88eb2a71ea0e2234dd7a2985edecadce
- SHA1
  
  2d9fa6604e2c9166c7e8bf18bf316b059c4a7096
- SHA256
  
  52af9190a47efe33841c5619beb09f9731ed764145ccc3ddc5f17eda1abb511b
- SHA512
  
  01cd4207636c11b5b493ebb56cd2da853f571e6349673df6b1ee3439ba1f8712bce2666b8e0d06b592b0a209f343e5edc85f9fc21f04048256b349c9d2ae86ea
- SSDEEP
  
  196608:IB70yAyMGYJ3CDJUyAk7yr+pf89fVImke/J8W1owOy/o2rMNfq:ICOfJV5pfINl/J8W1oTF2mfq
Score

8^/10

discovery evasion persistence trojan
- Downloads MZ/PE file
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistencetrojan

behavioral3

discoverypersistence

behavioral4

discoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy