General
-
Target
8f2087f7290b347e2fea47e707e82c76db3ce04a5ac74023f55dce4d98aa6378.rar
-
Size
412KB
-
Sample
240530-bqrpyahc7y
-
MD5
f2b5c3b918524cce726436906f2db663
-
SHA1
256aa3671645ffad4a22ca6e9b8bb476d2b5016c
-
SHA256
8f2087f7290b347e2fea47e707e82c76db3ce04a5ac74023f55dce4d98aa6378
-
SHA512
442d5ec49977f7fd825cf5a1c198783b45f1e70c610174536a9f8cf00982a23814e91b6b8cb70db4312ada55c7c314d5a87c37c11ac083e7da5d60ec7c867b51
-
SSDEEP
6144:6+CPp3h9gqy+0uXmnjNP3RYKvFHKkQUtfNVdh8wCZtmI4eY4Cihh6Z6/JOsqAhoD:8Pp3h9Xy+0uMhYKNDQUtfN6VB4+x8fD
Static task
static1
Behavioral task
behavioral1
Sample
Mekanikken.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
Mekanikken.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
Mekanikken.exe
-
Size
735KB
-
MD5
45f2991260419d11badf50d6b4bde810
-
SHA1
2e5004d70d7bb9be8084100e5b07d190367b7bf1
-
SHA256
17b10f99779485341515b8764a4d681a48cbbbd2ddaa2dc121319c464509dc42
-
SHA512
716c61112487a7cfeb126efba2ba61abdc87de81e17dbe23424e06965037b9c49b313ec768dfdd6022767ad28df77864325d5f1771a4a652a44b3fd7fc3d0f23
-
SSDEEP
12288:1DDMfZUar2EYYLgU1gEjgbbV019gDAOiC4hU+Eqa6:5ARCUkUXj19gUOiCt+T/
Score: 7/10
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
6c38da8922cc37b4bbb77de4a63ad843
-
SHA1
4e0533fd11df8bddbd543ed58df7b6060d9f4631
-
SHA256
1624d9ad8b2e2658af224691263f64388ba3a997efe80011889e3c35237ce4c1
-
SHA512
ad0be3d7e57da9c304e9b9cac5341b6c76b157456ab44f5579d6c38c830a31c9c3e1e9a875b8f465243c607ea2ede6b0bb77237f17a70a4d4c78606e036c3430
-
SSDEEP
192:wA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:QR7SrtTv53tdtTgwF4SQbGPX36g9Mw
Score: 3/10
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
7KB
-
MD5
052099395689171cf64bf4a868e6a9be
-
SHA1
9581e80b223226eee5f726f38b3e966fdc5bbfad
-
SHA256
99fc8f647bfff3655dcd4ec577d79ec4102fb3a68b567282ba0b51e0b5262802
-
SHA512
f45e38314e10129d3cceaefa918b25a432c67db8bf73f110a6957ca7f5cc96db749601fed550e0357bf67c84de2721d9692b8785c295fc7a1537b42c68b461a9
-
SSDEEP
96:rVl/7KOuFlKHMpXGu8FX6eT3sQk1u2QmIGjbAQvL7hDAbUlV:rVl+hSs2u85TTHkZQmbbLL7hDMo
Score: 3/10