General

  • Target

    HowlClient.exe

  • Size

    81.2MB

  • Sample

    240816-27ed2stara

  • MD5

    d0fbedcc03d22a594c693cb20666d8f4

  • SHA1

    174f6113139c69d153ede0b2e2e7d5a4f89d5c6f

  • SHA256

    16b5be77f064aeb7c6c9715b4522372f6cdfb765b088ee08c7694e82a9c565ad

  • SHA512

    f9f6cf7f24a3c6577fcb966104938fe09537e3467bd01c975e71ea50e75ebc9febc0605f7b6c8d8359e5d7b29afb2fa55251b9b5f052a1857a1f53c30e03145b

  • SSDEEP

    1572864:5vlQ3jqNJSk8IpG7V+VPhqKL9E7LjCdnneWB/4PcPJRfW19vT8rXvh:5vl+sJSkB05awKLQuZtB/YcPzfs9vYrX

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks