Overview

overview

1

Static

static

1

hak5-wifi-....0.vbs

windows7-x64

1

hak5-wifi-....0.vbs

windows10-2004-x64

1

hak5-wifi-...oconut

ubuntu-18.04-amd64

hak5-wifi-...oconut

debian-9-armhf

hak5-wifi-...oconut

debian-9-mips

hak5-wifi-...oconut

debian-9-mipsel

hak5-wifi-...se.zsh

ubuntu-18.04-amd64

hak5-wifi-...se.zsh

debian-9-armhf

hak5-wifi-...se.zsh

debian-9-mips

hak5-wifi-...se.zsh

debian-9-mipsel

hak5-wifi-...se.bat

windows7-x64

1

hak5-wifi-...se.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/11/2024, 19:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hak5-wifi-coconut-master/windows/finish_release.bat

  • Size

    212B

  • MD5

    589650110d03c44f01dace0d1fb57e39

  • SHA1

    abba469dc3cda49dfe5e7d1b4f090f0e5fa6e749

  • SHA256

    5031cb08b1510ca06ac4d9720b9c38d7a3fcd886724890e6f22ac0451bdc8cb1

  • SHA512

    4dab6859a2163a5564c0fcdfe48cb4c1fe340d9159264460c3c1bfc9b5297de66c0ed7ce3644e33143bdc080763682c0f951fac80674b839b458eb7573b79250

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\hak5-wifi-coconut-master\windows\finish_release.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\system32\xcopy.exe
      xcopy ..\libwifiuserspace\firmware\* Release\
      2⤵
        PID:2776

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads