General

  • Target

    Howl.rar

  • Size

    75.7MB

  • Sample

    241119-1v4bzatcjb

  • MD5

    60589321d25f9402fc29ebd360440bb7

  • SHA1

    e71dc48941cc372e9477835501f21b9fa61ad791

  • SHA256

    94191717090effe8e6f4e6b21169189cfde2efe0d3ab094089fb1c51c7d17870

  • SHA512

    33365a53cee8affd816ac5519d177f5411ac34d83e08e9bcd340e2e9f5b74ba3a95ca6dbe1a083e8777b06418d07677b29e138ca8eac5141fb3272b4105c2c74

  • SSDEEP

    1572864:6QZN/8DPjAaLu2oPsGd7Fgo9nyrsbeD0CpiDoXUFYb4RAfM9I8iWiAhaM4kS:6QZN/ALAaq2vGdpgOyrvD07oEYkR2yib

Malware Config

Targets

    • Target

      Howl/VMProtectSDK64.dll

    • Size

      129KB

    • MD5

      1d1e93903fd693b293c8181c513d6eca

    • SHA1

      1a7964562c30c1d99b6e1869a17fc0f01da7227e

    • SHA256

      0ba63caee55664d487b83da25cb95ae0754c64c26b38716fa69e49bb9a6b655c

    • SHA512

      e69c6191d10f78edae2d1745444e26e74d05dda62651994a2a748777532aecba55b324a697a2674eb902095c5a2a04da9dc3ccb81b80b97f3410a0fa2c801b5f

    • SSDEEP

      3072:AmcqYHq7Aiytzg2ScpvgJcG5sqYX6UgHHlBSV/J:J0Hq7AiyegZgJZSXYnHyh

    • Score

      1/10

    • Target

      Howl/backend.dll

    • Size

      717KB

    • MD5

      1f2cc0b1521e6227ba2694c992db36bf

    • SHA1

      271a2168cf0b470e322657b30e78cea7089491d9

    • SHA256

      48a87346fdb1bb26567dfbef82ae7e38032fd32b15344d080e8a97bb0455ba0b

    • SHA512

      5d330b94096a98fce06fb4a65d0f497cacdb7c13838b0a737a59c83e71c8ea2441cebf922b4e539ad1ce1954e03da26cdf52475d637060523aad7ffe963ca1ff

    • SSDEEP

      12288:L0ak2+olFra2fGwtrAxp0N7veDIrRzKb+rDTdjvcyO:L0ak2+olFra2fGwtrAD0htrRz2ODN0

    • Score

      1/10

    • Target

      Howl/build.exe

    • Size

      78.4MB

    • MD5

      eae3bbe73213fd0b4c9b315673270d06

    • SHA1

      cda6ec591899c5b5bfa61c8bd25a4d87d23a8830

    • SHA256

      36b652e060aef8ddcef266da7864afeaf3700121ef70483e830c7a23709282ac

    • SHA512

      0c51f85adcba2335f780c0e391e7a47d7fa121c3f2907ed4eca5ef2f9a1d4c561edfb00a906aa851723f7840267f47cc1be09d31da3f4ac8316d556ad12ab13c

    • SSDEEP

      1572864:jGKlgWjLSk8IpG7V+VPhqHJE7bbli08iYgj+h58sMwJDsZcj:KKiaSkB05awHAw0251Q

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks