General
- Target: db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f
- Size: 64KB
- Sample: 241117-lvn5qa1pgp
- MD5: af30ff39dfeca53c1fbccbf8d8df0e2a
- SHA1: a258e8de2f444d0e8292b9787c56398c757de920
- SHA256: db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f
- SHA512: 39e5801020a1777e796720233d41483a80e081f2302b9be3aff6650ddb4ce70b1bcb4a91cdaec84f4f28446d36f8a1cad0616959f32717c688a1b674bab2b791
- SSDEEP: 1536:VwJOoN1oYaoZ5iV685XJPCt+5O/W8GSAOMTN8J/odVKQ+:VwJ52Y7ZoH5XJak5O/W7SAzTN80VKb
Static task: static1
Behavioral task: behavioral1
- Sample: db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f.exe
- Resource: win10v2004-20241007-en
Behavioral task: behavioral3
- Sample: $PLUGINSDIR/Honolulu.dll
- Resource: win7-20240903-en
Behavioral task: behavioral4
- Sample: $PLUGINSDIR/Honolulu.dll
- Resource: win10v2004-20241007-en
Malware Config
Targets
Target: db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f
- Size: 64KB
- MD5: af30ff39dfeca53c1fbccbf8d8df0e2a
- SHA1: a258e8de2f444d0e8292b9787c56398c757de920
- SHA256: db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f
- SHA512: 39e5801020a1777e796720233d41483a80e081f2302b9be3aff6650ddb4ce70b1bcb4a91cdaec84f4f28446d36f8a1cad0616959f32717c688a1b674bab2b791
- SSDEEP: 1536:VwJOoN1oYaoZ5iV685XJPCt+5O/W8GSAOMTN8J/odVKQ+:VwJ52Y7ZoH5XJak5O/W7SAzTN80VKb
Score: 10/10
Signatures:
- Modifies visibility of hidden/system files in Explorer
- Adds policy Run key to start application
- Disables taskbar notifications via registry modification
- Loads dropped DLL
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/Honolulu.dll
- Size: 19KB
- MD5: 51a384933bf227c4349d64fdaffcd6b5
- SHA1: 4a36dc985fd3cc30c4b61bd0e6277ac284f1b6eb
- SHA256: cc2bf65f54932ec747c3e24bfc2ec90db5a59dca36e71d0d10bfc33a8d034248
- SHA512: d15ecba8d1d7ad0181a715f06d40a90dc20ca7bf9ac32e687bcbf72d97989d4338be2430656283d93d280a8f86b20d1b51853914341768b5f570873e5b129279
- SSDEEP: 384:6t5cgTPU+9D9iX/99DNmifdcZ9Y2oI93Hyoegej:6teqcUZu/3DNDlcZ9Yts3Hy
Score: 3/10
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Hide Artifacts (1)
- Hidden Files and Directories (1)
- Impair Defenses (1)
- Disable or Modify Tools (1)
- Modify Registry (3)