General

  • Target

    8f2087f7290b347e2fea47e707e82c76db3ce04a5ac74023f55dce4d98aa6378.rar

  • Size

    412KB

  • Sample

    240530-bqrpyahc7y

  • MD5

    f2b5c3b918524cce726436906f2db663

  • SHA1

    256aa3671645ffad4a22ca6e9b8bb476d2b5016c

  • SHA256

    8f2087f7290b347e2fea47e707e82c76db3ce04a5ac74023f55dce4d98aa6378

  • SHA512

    442d5ec49977f7fd825cf5a1c198783b45f1e70c610174536a9f8cf00982a23814e91b6b8cb70db4312ada55c7c314d5a87c37c11ac083e7da5d60ec7c867b51

  • SSDEEP

    6144:6+CPp3h9gqy+0uXmnjNP3RYKvFHKkQUtfNVdh8wCZtmI4eY4Cihh6Z6/JOsqAhoD:8Pp3h9Xy+0uMhYKNDQUtfN6VB4+x8fD

Score
7/10

Malware Config

Targets

    • Target

      Mekanikken.exe

    • Size

      735KB

    • MD5

      45f2991260419d11badf50d6b4bde810

    • SHA1

      2e5004d70d7bb9be8084100e5b07d190367b7bf1

    • SHA256

      17b10f99779485341515b8764a4d681a48cbbbd2ddaa2dc121319c464509dc42

    • SHA512

      716c61112487a7cfeb126efba2ba61abdc87de81e17dbe23424e06965037b9c49b313ec768dfdd6022767ad28df77864325d5f1771a4a652a44b3fd7fc3d0f23

    • SSDEEP

      12288:1DDMfZUar2EYYLgU1gEjgbbV019gDAOiC4hU+Eqa6:5ARCUkUXj19gUOiCt+T/

    Score
    7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      6c38da8922cc37b4bbb77de4a63ad843

    • SHA1

      4e0533fd11df8bddbd543ed58df7b6060d9f4631

    • SHA256

      1624d9ad8b2e2658af224691263f64388ba3a997efe80011889e3c35237ce4c1

    • SHA512

      ad0be3d7e57da9c304e9b9cac5341b6c76b157456ab44f5579d6c38c830a31c9c3e1e9a875b8f465243c607ea2ede6b0bb77237f17a70a4d4c78606e036c3430

    • SSDEEP

      192:wA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:QR7SrtTv53tdtTgwF4SQbGPX36g9Mw

    Score
    3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      052099395689171cf64bf4a868e6a9be

    • SHA1

      9581e80b223226eee5f726f38b3e966fdc5bbfad

    • SHA256

      99fc8f647bfff3655dcd4ec577d79ec4102fb3a68b567282ba0b51e0b5262802

    • SHA512

      f45e38314e10129d3cceaefa918b25a432c67db8bf73f110a6957ca7f5cc96db749601fed550e0357bf67c84de2721d9692b8785c295fc7a1537b42c68b461a9

    • SSDEEP

      96:rVl/7KOuFlKHMpXGu8FX6eT3sQk1u2QmIGjbAQvL7hDAbUlV:rVl+hSs2u85TTHkZQmbbLL7hDMo

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks