General

  • Target: Helion.exe

  • Size: 38.6MB

  • Sample: 241002-y41akaybld

  • MD5: d8f5b88910c85071ec7f10887cb27489

  • SHA1: 229d76c72c45551cc1b301784fbc24d1e5b75214

  • SHA256: a01c590efed45c2a1d2978fa98b63a8496624ff081b6494957191c0ce08b3a95

  • SHA512: 4a6a0a56d1216ea415e15d4ac3e3f6528b221fa0342eeaa42288d991f3e739d9b21f64e48a02a8c0af16a438cd6de8a5886d287b49beda3fbaacaeaf2ab313c8

  • SSDEEP: 786432:x6l0UKLCZmq0Lbv7OkT6iNqrLJKHN4VmMa8rn/ZHPSgFtmo4c1TvWTZTK:xeNExL/OkWiohKHCVmo/ZH6cgyTvWTZT

Score
7/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks