General
Target: haiper_ai.exe
Size: 35.9MB
Sample: 240822-swgwcsxarq
MD5: 18f62045817994586d751630a671bd26
SHA1: 5c049604e73351432da30f5b50543a21e83490e6
SHA256: ad7f48550ea7b52ad7c69075ab13082011df8204dbd6cafbbf0239285d551cb5
SHA512: 3d2b077271656ca8755429d9191cf9014cbb4a6de6591f684794d27b4f28c33118c06f11c6a69dfb9b02e436395160f70d79a1a7a11d2fa3e1e05c32db5fe189
SSDEEP: 393216:N1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfV:NMguj8Q4VfvUqFTrYj

Static task: static1

Behavioral task: behavioral1
Sample: haiper_ai.exe
Resource: win10-20240404-en

Behavioral task: behavioral2
Sample: haiper_ai.exe
Resource: win10v2004-20240802-en

Behavioral task: behavioral3
Sample: haiper_ai.exe
Resource: win11-20240802-en

Malware Config
Targets
Target: haiper_ai.exe
Score: 7/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.