General

  • Target

    Hyperion.exe

  • Size

    26.7MB

  • Sample

    241110-2p8j6szndr

  • MD5

    597c7fb3f4843703f7c1181aa6cbb586

  • SHA1

    d29bd111bcd28a86f2d35fbb1c2322e95e13f975

  • SHA256

    830c0de8d81d4c7486bad50c6f8c93c89779860b9b26d64cf0e39cf31ebc7ac7

  • SHA512

    fc3348653a75a7377d1ec50503e73f397ecfb17104829098b4d185bcafcf58f70808f90e19876f98f6b9abb9188d202075b92bd29af2ced394b6ceb605473ec0

  • SSDEEP

    393216:22LYKd1QLdiqtByxjhIHqiK1piXLGVEc2w+KxXms97wYPZVo:m4uftAjFDiXHQ+KYwVo

Malware Config

Targets

    • Target

      Hyperion.exe

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command interpreter.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks