General

  • Target

    db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f

  • Size

    64KB

  • Sample

    241117-lvn5qa1pgp

  • MD5

    af30ff39dfeca53c1fbccbf8d8df0e2a

  • SHA1

    a258e8de2f444d0e8292b9787c56398c757de920

  • SHA256

    db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f

  • SHA512

    39e5801020a1777e796720233d41483a80e081f2302b9be3aff6650ddb4ce70b1bcb4a91cdaec84f4f28446d36f8a1cad0616959f32717c688a1b674bab2b791

  • SSDEEP

    1536:VwJOoN1oYaoZ5iV685XJPCt+5O/W8GSAOMTN8J/odVKQ+:VwJ52Y7ZoH5XJak5O/W7SAzTN80VKb

Malware Config

Targets

    • Target

      db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f

    • Size

      64KB

    • MD5

      af30ff39dfeca53c1fbccbf8d8df0e2a

    • SHA1

      a258e8de2f444d0e8292b9787c56398c757de920

    • SHA256

      db5394ab69095fd514bd8553c27110b9b18d039902ffb766d96d1bee5905098f

    • SHA512

      39e5801020a1777e796720233d41483a80e081f2302b9be3aff6650ddb4ce70b1bcb4a91cdaec84f4f28446d36f8a1cad0616959f32717c688a1b674bab2b791

    • SSDEEP

      1536:VwJOoN1oYaoZ5iV685XJPCt+5O/W8GSAOMTN8J/odVKQ+:VwJ52Y7ZoH5XJak5O/W7SAzTN80VKb

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Adds policy Run key to start application

    • Disables taskbar notifications via registry modification

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/Honolulu.dll

    • Size

      19KB

    • MD5

      51a384933bf227c4349d64fdaffcd6b5

    • SHA1

      4a36dc985fd3cc30c4b61bd0e6277ac284f1b6eb

    • SHA256

      cc2bf65f54932ec747c3e24bfc2ec90db5a59dca36e71d0d10bfc33a8d034248

    • SHA512

      d15ecba8d1d7ad0181a715f06d40a90dc20ca7bf9ac32e687bcbf72d97989d4338be2430656283d93d280a8f86b20d1b51853914341768b5f570873e5b129279

    • SSDEEP

      384:6t5cgTPU+9D9iX/99DNmifdcZ9Y2oI93Hyoegej:6teqcUZu/3DNDlcZ9Yts3Hy

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks