General
- Target: 761dffc1e47769b81f33e40f159cb36a54d7d241f278f49e8383e0a28e55dbab.exe
- Size: 777 KB
- Sample: 241110-wwzb7a1qax
- MD5: 7c04bddcca9cb40af43b31afee8c434b
- SHA1: f8c884e435d7d3b6fee6d68b5da323d517521912
- SHA256: e7081a52947cd74efc66bdadfada4f8c734a23c28f15d66ad8f9efde89590c43
- SHA512: d379a6d76d01fd35be6be6f80890573520ace26d80b653e5734de687a14bdebf567dcb68f4a451f5a696054bd586b73f4ed9b62087439c40bb879a77f0af7357
- SSDEEP: 24576:sMwhY36B+DeNLLQu+Zx0PARxFWfcFqal/F4X5ZiR:sMwhESstZq+WfQiX5a
Static task: static1
Behavioral task: behavioral1
- Sample: 761dffc1e47769b81f33e40f159cb36a54d7d241f278f49e8383e0a28e55dbab.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 761dffc1e47769b81f33e40f159cb36a54d7d241f278f49e8383e0a28e55dbab.exe
- Resource: win10v2004-20241007-en
Behavioral task: behavioral3
- Sample: Ornitologisk.ps1
- Resource: win7-20241010-en
Behavioral task: behavioral4
- Sample: Ornitologisk.ps1
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 761dffc1e47769b81f33e40f159cb36a54d7d241f278f49e8383e0a28e55dbab.exe
  - Blocklisted process makes network request
  - Suspicious use of NtSetInformationThreadHideFromDebugger
- Target: Ornitologisk.Aft
  - Size: 53 KB
  - MD5: 67b3616cc286b91c6bd34e0ef06458c5
  - SHA1: 69cca440d16c92066bf037c903449cd6b85c02e4
  - SHA256: 40426fee8802d21e821cdb9380dc50750f8e3015d9c486e11685b06e19a8c59b
  - SHA512: fc8e022b4d8a329034f4dba81377ea9b8390d0ea8824cb3e3b7f9157be0e33f592841f5329f7db46eb0ffccf09bdcdb196f4e5e0b94ca289b3fa0bcc0953f093
  - SSDEEP: 1536:RGlCobnJs2j8Bm4UHDO5+993vpAjHbhvCovPaRX:6TGC/wvCoPaB
  - Score: 8/10
  - Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  - Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.