General

  • Target

    inject.dll

  • Size

    1.8MB

  • Sample

    240825-hwrepashrl

  • MD5

    6dd4c5a5128a5339d1bfe77f7103001e

  • SHA1

    0c71cd1b702bf7ea18ed6c7259ee9511295ea7ff

  • SHA256

    ab3dc1034b38e76b07515d39faaeb8876e61e5f7d946cfd05e20d67afa116d97

  • SHA512

    a96a99b63ec675346bdbe81c5ab1ceb2688f28a517566ec23f7ccc942f54137a9fdb66558036cb7ebb617b8dd61ce75d95d2bfa520c97752a039e33804cac48a

  • SSDEEP

    24576:sGQ5b2bRBQmY0zTXgIvHIlu2EbLJe7laQaNCYpe50X5296Hs:sGQ5b2bRBNZ5voObLJu1aNCv

Targets

    • Target

      inject.dll

    • Size

      1.8MB

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
