2dc4c306da01adebbc2304f3d82d009bc3ca4a097209e4f6dd5400ef4f93cbc8

Sharing

Copy URL

Twitter E-mail

General

Target

2dc4c306da01adebbc2304f3d82d009bc3ca4a097209e4f6dd5400ef4f93cbc8
Size

14.5MB
Sample

240524-fjvv8seb6v
MD5

917e42dbfd2d1d578f09f5bbddf6b1f7
SHA1

9c5b7b61d9b894b67316105b1b270aef6ae09717
SHA256

2dc4c306da01adebbc2304f3d82d009bc3ca4a097209e4f6dd5400ef4f93cbc8
SHA512

9f47b14742e5b891036b545b2739ff03ad2d39abd9251fd69a059fd0aadba88d5509eeecb3f91062d0f8e60181d39dd81828420346be0ed4a063151f1dd5a341
SSDEEP

393216:wk3xanAglS90KZCMYhKcVKRW1JKjaR7nB:l3xajlg0KZu8ayWRzB

Score

7^/10

evasion upx

Malware Config

Targets

- Target
  
  HShield/AhnUpCtl.dll
- Size
  
  149KB
- MD5
  
  3f2c94deec474eec795bafee0f27ebf1
- SHA1
  
  ac5e5b2b7e0564f3100f7145c7446409c35a1e6b
- SHA256
  
  994cf5e8e2b810ef6456c68c5129137cc907cd8effe261818de0f31696a82a5e
- SHA512
  
  bbff9c7c38b4ec16abe179befb8622af5af8c2e50abbb19c7426783ea58a67de74a143edeb75030f5461e714200f6d1a2f0dda9412a0096a4176122dea866c7b
- SSDEEP
  
  3072:YPP7m7VordZ/t1MWLMrb73cHqgLZxpJblCwQuPV:4PuVobteWLMrb73WqNwQI
Score

1^/10
behavioral1 behavioral2
- Target
  
  HShield/AhnUpGS.dll
- Size
  
  172KB
- MD5
  
  f2a08bcf92b8ddb5676f89cd0babaa45
- SHA1
  
  d2e19ecfce47333d0ef6a597c46f6ef0fa0b1199
- SHA256
  
  0f7d5fbff4ee279b671bbb9259933b980c7737dce338410bee37b5ec13cf358e
- SHA512
  
  501959150e765a3f4074c079f8a5b9b5a044f3899b38b55dc0bfd0bce15a8c6472fe51031a5f751a989d355f9917e57fdf49a04bbee7e569712bc06603169e4c
- SSDEEP
  
  3072:jQrqJToUBylyBKhSBpxS5qxq1yx+ri0Q/EPqHaWubIAC6sT34GoxuZl4oQnPRWym:sBUBylyBKhSBpxS5qxq1yxUi0Q/Gq6WB
Score

1^/10
behavioral3 behavioral4
- Target
  
  HShield/AspINet.dll
- Size
  
  728KB
- MD5
  
  1e7e7f5afd378d1b108b7649abb584be
- SHA1
  
  886c83a45002c77951c0d85046cb7edf5d9ab951
- SHA256
  
  21f8027c6be26c3957640c4c8862cb7a23b0b904af8c42f2b70961f414a5d17e
- SHA512
  
  1cff6c8db7f8c4e372c36a4d0fdaf61f504e5f20c25bc392cb3d9c51bb3eeec348675f640ebcafe81a284fa72c24dd8eab1d6c183d31473d386f00134c701835
- SSDEEP
  
  6144:Kn80RvQuXFzcTDGEhBU5BGO38+t/eQQK7kgMIZU2sgigJz3cT+eWKPbjSFDKlPE/:LaQuXlEDGGovHYglMqJO+kPbjA2e/
Score

1^/10
behavioral5 behavioral6
- Target
  
  HShield/Bz32Ex.dll
- Size
  
  80KB
- MD5
  
  1d64f5adb11e688137a12ec4504f8520
- SHA1
  
  088864c456c14716f6a91f57702ad088102727bf
- SHA256
  
  1fdc007d96f90d675e67550569ad3c99f88ea13d7d603e36d99d43cb4de61e4f
- SHA512
  
  0d7286ee32c0e76adab2b906c339b01096f5bc39d1c172f7d87a63f7d4664227920401ce1e72082464ee383793541663f25fa02f1738bda43293a9ad6a89eedc
- SSDEEP
  
  1536:j9lZZfvvf/d3CzKLE1o1inxUg0bb5ROpVUvV7t8td:nZdvvfJCzCinxd0xRiWV7itd
Score

1^/10
behavioral7 behavioral8
- Target
  
  HShield/HSInst.dll
- Size
  
  192KB
- MD5
  
  1d2099a22892bc97f4ef710ca4412a60
- SHA1
  
  da627fd459946472694bd6040137196f0ba2f183
- SHA256
  
  97b17cc230d45521e61181744093fe685431e2db7af568adc78a16c6dda485bf
- SHA512
  
  2ae603a7ec98e69f90bed4e40120f22bfd188a0a376620f114cdee1f9b19eb0affc4668c49ffa9d7bc956325c6fe187fd9499fc01de146144695cce3869ed1c6
- SSDEEP
  
  3072:d8fDx912tJz1jrj6YQLOvcXJ1lBb1PdsWl6OqioWnjuxrYuGp2Zi9V2iXrfZshm:d812tl1HjIO8PnlPlJrfZP
Score

1^/10
behavioral10 behavioral9
- Target
  
  HShield/HSUpdate.exe
- Size
  
  150KB
- MD5
  
  061ac0ac3eec7b767c2d353ada7aad4b
- SHA1
  
  951f81e84581cacab2a953036ca8a0f3db15361a
- SHA256
  
  daf95bde2293271f59df320e5d934bd47e0e5b14da1d47536ef25596c9db1393
- SHA512
  
  96b4136dcf0a566561f2908ddd0870f5245a43ea2bbf750f81785a67c278ee2af7dfbe63c021350f9b5eda47caaf50a9b94acc780d221172b994198147e1610d
- SSDEEP
  
  3072:Q+V+eO276pVT86NMxWWJLhXTszFCpJI+lKMbc0Bagee/oAQ:vV+eO22Px2xWWnDssElUtQ
Score

1^/10
behavioral11 behavioral12
- Target
  
  HShield/MapleStory.exe
- Size
  
  3.7MB
- MD5
  
  a4876687ffc82b1898bdb7e4f9f08f93
- SHA1
  
  5852b32a4f8c029e7f830a4a76f1b9d0e5e58412
- SHA256
  
  5d280cf1c5663e925104736e73e5715a5a529d25420babf410cc411b37940f4d
- SHA512
  
  1382a742aa6db390edfacab700161297334310800b949d49f70aec683df470c326fae260a4b65580e74e5054b605cc64b60480d9e28f3f89c9b579eeee2d974d
- SSDEEP
  
  98304:pCbYhxqt2eaKanM1zdDOGtrCiobS58NR8kJ1esC:p+Yfg2igMdDOaCif8N+kJtC
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral13 behavioral14
- Target
  
  HShield/Update/ahni2.dll
- Size
  
  101KB
- MD5
  
  23187295212c07d4af7313e11d9cd1d5
- SHA1
  
  a73a25efcd997536533a33b622cbcd5de9023b20
- SHA256
  
  1752c61082f1eafbec5f3246747d848bef4136aef0ffdab319fe277451c18c28
- SHA512
  
  d2cdcd3e591118b979d4ff37ab4c5f825a0ce096bad459e858b0b49ffb1d3d10e6acea75f1087ce6d711fa0821e3513c4bb7b6566115cfc878a27191ae17e264
- SSDEEP
  
  3072:xRnFuJ04U4Z4B4Z4T4Z4B4Z4tA4/S4s4Z4h4Z4j4Z4h4Z4NQ4vLKRDVQei2qDz0/:5uJ0/MssCMssrdPs8Mys8MbfJ9001svV
Score

1^/10
behavioral15 behavioral16
- Target
  
  HShield/Update/ahnupctl.dll
- Size
  
  149KB
- MD5
  
  f3fca50302c5fc4ca0e0ef1c13e41d02
- SHA1
  
  3e0a77f1c1b5bbac54c3da6331d229c18b97f794
- SHA256
  
  309f724ab4cbfbafb9210a0c7ca317fdf751582e9c2acff48cf1b26ac8f23f18
- SHA512
  
  62fe3ac6ebafd34175b0e133fcf9689dae68d693a865c11582300c783f0ab43b19feabaec68371c0634560bb44987a1b2381595dc7de3ffc99a39ef3653cbb93
- SSDEEP
  
  3072:Y4217sdgYA6m/lPNIClh8vfJIHrBtZgJblg5Wb981bJ:L2dsdQ6ojFlmvfJIVvMbaP
Score

1^/10
behavioral17 behavioral18
- Target
  
  HShield/Update/autoup.exe
- Size
  
  184KB
- MD5
  
  63f6f0c610f06b0c35ac9b4776dca786
- SHA1
  
  a11e1e0ad6f952de8885b964a29bb6e4f9d7c6f1
- SHA256
  
  987d2f33909c6d53d3d355f0aaf48ba31ce90b3894ab6d31bcbd0f68a0b4c300
- SHA512
  
  924bb50cf5757a306285bdd0c41b623bf9dfdfa5f24b80fba9321d2b41322976b439c2a91f66895c5b999f819ca72144c3363cdda768e74662b3d63f830b9354
- SSDEEP
  
  3072:rRvOMs0Npc4J4Rpqa0TqSlzDqKftQg+Ulhg+AvYD5yP5BVOrCyCSs2Kl:JOkpXJ+4a1S5S+AviiBVOrCUql
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19 behavioral20
- Target
  
  ahnrpt.ex-
- Size
  
  701KB
- MD5
  
  c4c1502174650a0ef2072c9373362510
- SHA1
  
  16c184e3c40bd02b7ecffa9b6610b0677f68ca6e
- SHA256
  
  07255c782af277a6dc97c84f00ace80ab351e2592dc5dc2ee6d7b0c93efff5ca
- SHA512
  
  f0dbbcff65cc6652a0f5f516b0b0d2180c00c56e2f8b70983b3c7542e58b88753d8176d666393132177240d3f928145d4e50abe421cc461e8b59dcbc8826c849
- SSDEEP
  
  12288:/+nzRzozPG1gPzMV/ZeL5W2woKORykgXc2l411pDgCMSBMtp8Y:/+nzBoz8VANAIykWcw4PpDCJb
Score

7^/10

upx
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks for any installed AV software in registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/AhnRpt.exe
- Size
  
  289KB
- MD5
  
  c41c2078d41317491b8fc6ce81b825ab
- SHA1
  
  003ef5d4f98e098ae222ab49dac2e79f616df206
- SHA256
  
  a2c51b0b8258d1cb4ab44318aead8c276d6b3f255bf26f3cdf2601e727cd6f6b
- SHA512
  
  08e384eadf37be1185c4a0643edf02099f2e1a0422affda8cf72dc185338c797166673d58dbc997ba8a402900d8b4410c6d670d66e3c6a4e41fed6eacb37576d
- SSDEEP
  
  6144:bHlRVuQey8WQ740ygZaTr3KdadW66OcAO+evBToSlpIKUr8oSSI:TlR4dy8WQzNw3/dW66jA+vBToWaNr8ou
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks for any installed AV software in registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/PackAPI.dll
- Size
  
  24KB
- MD5
  
  0b6dda0671fd4b087a0c81e092b481f2
- SHA1
  
  8049ad50b1bf8b138ac0d5261e70074880e41a4e
- SHA256
  
  4e3f389ee8e27845a34d316347ed3ca1175881a2c8f01ef97857e86b6db1e7ae
- SHA512
  
  0bfec117b65bdb5cd38b3a8a423106dc738a3c0976a48ef42ac9460bda8d259bd8a7ad7f23e3d56baa1ad55d9885797487f815ed1284b643047ba9da5065a2e6
- SSDEEP
  
  96:RFG89WJLnDLjoYkzuh6zLc2x6IldWIkDvevx+:/z9WJrDLjFkzusfA
Score

3^/10
behavioral25 behavioral26
- Target
  
  ehsvc.dl-
- Size
  
  2.2MB
- MD5
  
  5cda9b81dee8a0007716fe544efdb917
- SHA1
  
  539f5b64dd825ede4c755062bed4a9c6d7664c9d
- SHA256
  
  78d47f032d493ce5fb59eecaa31aa2be047386ee0416780df19fb62db4d35272
- SHA512
  
  f0c206f077b12daab882fbe2090d192e030cc6e4319f09dc4b62b2a56f4fbb89c6003b9d93d07ba0f10e17f48e3197872792ebac6670b9aa1c1e077d86ba30c0
- SSDEEP
  
  49152:dMlCfUzvLjrM3RV/vife+OIBrercGAMOtKqd3wM12k3KzfblE3xE:perQV/7OeIGeEql12k3KG3u
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral27 behavioral28
- Target
  
  HShield/Update/v3bz32.dll
- Size
  
  61KB
- MD5
  
  09085376e57c6fa38544a5a2207a03cb
- SHA1
  
  2e508e210a97b90038e5edc184b0fca6f5b9570e
- SHA256
  
  bd84a8d7193cd98e99e4b5b310ad65e5cd860b717c40183edbaf7bd8cb852c70
- SHA512
  
  3085ae71253dcc457ae87aebbb30ea41b50fbd51c6bdbe7d08bbd63b05d615f1e1af126f4754d15dbce44e7818d691ea3fb28329cd364a2dcca0c69fc79c5cff
- SSDEEP
  
  768:sgj8H3BwGnjmBJapFwDFycXMukszBGUQ2l/F23AakZ1Grd5hjfOCrU/Lnzhj5L39:bjo/naaTc8vgGU3N88ZkB51OBnz15
Score

1^/10
behavioral29 behavioral30
- Target
  
  HShield/V3Hunt.dll
- Size
  
  137KB
- MD5
  
  6df1b79fd9f987855653aac261006e35
- SHA1
  
  73af5fe8ade785f1006846222b90a6edcb0aeb2e
- SHA256
  
  20bb45fcd52f6e3a66c2276431deebe324c1f2ff98d239d439114dfbca11318d
- SHA512
  
  2bb9fd4283f7b5dda2c3f0681c2bc2cc0b324d9717c8cb5efc5f014b6ec811dcb91ad58bfad10383b10317cf7236dd89bf6b029ed9bb2a9e140c1f1249dd3ecf
- SSDEEP
  
  3072:jjM/ufAK6lkwh3kPCdyTKtUdGDbDKZglsJKyo+y3MdaF:PeoAKjagTuKGDyyiaF
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies Wine through registry keys

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

UPX packed file

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks for any installed AV software in registry

Enumerates connected drives

UPX packed file

Checks for any installed AV software in registry

Enumerates connected drives

Identifies Wine through registry keys

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32