Overview

overview

4

Static

static

3

Hemingway ...om.ps1

windows7-x64

3

Hemingway ...om.ps1

windows10-2004-x64

3

Hemingway ...or.exe

windows7-x64

3

Hemingway ...or.exe

windows10-2004-x64

3

Hemingway ...m.html

windows7-x64

3

Hemingway ...m.html

windows10-2004-x64

3

Hemingway ...ell.js

windows7-x64

3

Hemingway ...ell.js

windows10-2004-x64

3

Hemingway ...47.dll

windows7-x64

3

Hemingway ...47.dll

windows10-2004-x64

3

Hemingway ...eg.dll

windows7-x64

3

Hemingway ...eg.dll

windows10-2004-x64

3

Hemingway ...GL.dll

windows7-x64

3

Hemingway ...GL.dll

windows10-2004-x64

3

Hemingway ...v2.dll

windows7-x64

3

Hemingway ...v2.dll

windows10-2004-x64

3

Hemingway ...lob.js

windows7-x64

3

Hemingway ...lob.js

windows10-2004-x64

3

Hemingway ...de.dll

windows7-x64

3

Hemingway ...de.dll

windows10-2004-x64

3

Hemingway ...p.asar

windows7-x64

3

Hemingway ...p.asar

windows10-2004-x64

3

Hemingway ...cli.js

ubuntu-18.04-amd64

3

Hemingway ...cli.js

debian-9-armhf

4

Hemingway ...cli.js

debian-9-mips

1

Hemingway ...cli.js

debian-9-mipsel

1

Hemingway ...dex.js

windows7-x64

3

Hemingway ...dex.js

windows10-2004-x64

3

Hemingway ...dex.js

windows7-x64

3

Hemingway ...dex.js

windows10-2004-x64

3

Hemingway ..._mo.js

windows7-x64

3

Hemingway ..._mo.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    P-306HE.rar

  • Size

    85.9MB

  • Sample

    241121-pmlamsskf1

  • MD5

    16e4fb254d9f8f530d111a476cd3454f

  • SHA1

    6bc9a77413918f5371e219b45f9a7722553d7e54

  • SHA256

    48a1ddd75c17570b738ecd325cc826db74a31a640d5ca7ef76321d636df75533

  • SHA512

    0990f700133d1a8f66a3c0b1a17f981a059403e0dacdf402743cb1d21191e9451dcd2a2e1a874114a9861659b2c7fbed85d8eb1fd26c6e5cfc5e3c1d767d8bd8

  • SSDEEP

    1572864:80HDq7j4eyznBBfdbMxreLaeTCtFadJeq/F1ukHaFDCT58y8sY:8LXenXWJe25t0dJ3vukmCu

Score
4/10
antivmdiscoveryexecutionlinux

Malware Config

Targets

    • Target

      Hemingway Editor 3.0.6/App/AppInfo/Launcher/Custom.nsh

    • Size

      8KB

    • MD5

      fe2e52aa1bce27f09d0036481541fe83

    • SHA1

      198ab02c8014fffc3343494a25f286a9253ee737

    • SHA256

      54bbcbcf53f2124e8d3c3c50b87de5f406b695f21d79f065373ff35bf9b3ff5b

    • SHA512

      5d6454e94b1742d823baff584fea1c9106fa19359c1804fd9a2d4e2efb1adf03515ecd3790646d32303ead69ba2a542a1236b09c49be19c0659d98cd7e86af4b

    • SSDEEP

      192:WQuZpPDcyxkYLtrOEuo+a7RdVRusuFV5ut:l8PDcyxao+4nRutFV5ut

    Score
    3/10
    execution
    behavioral1behavioral2

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/Hemingway Editor.exe

    • Size

      22.5MB

    • MD5

      6d035bd7f0d89f55f088d2c151c5456c

    • SHA1

      df8505f051de544bba0709af49d2e94074764aa7

    • SHA256

      6e82ea42ed3db57335e4cc6a98a3b0de324d6ef040e38c9fc309fc8e864a233e

    • SHA512

      a67b5e893b5ad496ac3c478f8b5b3f2767c36b4fed5c13cd8a0dd91bd95935bca535ab23d86859b0d300e4b24e30c523f6509017dd38d28cb31aaa93d8d209a4

    • SSDEEP

      393216:4Yl3Jps1k8U7C24rh7dYoq2ssWXmlnxWPdlzU9BE5XUV5Cxt7RV:4YlwUuFBlqllXm5ElVXUV5CxB

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/LICENSES.chromium.html

    • Size

      1.3MB

    • MD5

      05bb8752fae55b36f44c703cee71e618

    • SHA1

      b03383ba85a4d27b8b1bb2b4edc0e5f987e197dd

    • SHA256

      582d89f9af44753a4ce9a207f00fc84b25549e23176d2b2f87991671099d241c

    • SHA512

      adbcd665afbabfca6b91c0745dfcf964416a6f91f490cc38b1a047f23e789ed7843fc9365e272f28d307b063a38140dc40c5555af5ee06f8a88e7a641dc06e33

    • SSDEEP

      12288:xm3m4mqm/mfmgCHzA+Sx2cXrDCRm0FtZZmS6h3BbZrS7Ui61GQqbdWHzW3V1GfoC:Fjtpw2BNuxQBZrCr+KDeclkUhqQqo

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/content_shell.pak

    • Size

      9.4MB

    • MD5

      bfdb450e909347096bea8f6427c3d960

    • SHA1

      9b72d27d7db3721841630fefa879d7ada7794422

    • SHA256

      ad62b146780f67c3bc35dd53eff33ef1cbd9f9351b8ecdfe2fd74555479e0f30

    • SHA512

      8f666a9d5087213a1405cb040dcc2653fea4c4cc0a694d37093ab977eada1d52734949883d5699013f1d943f1b19511a3dead15842164f77dfe5d7f0b64bdf2b

    • SSDEEP

      98304:M1hRWo0WN2wWPG4+bNAUiWCndWjGGG2pLTux:ehRQHwWPG4+/O

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/d3dcompiler_47.dll

    • Size

      3.3MB

    • MD5

      c5b362bce86bb0ad3149c4540201331d

    • SHA1

      91bc4989345a4e26f06c0c781a21a27d4ee9bacd

    • SHA256

      efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f

    • SHA512

      82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd

    • SSDEEP

      49152:PyZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQ6:E9fWAwVBC8MH2JNSF8+YPsXqUT6

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/ffmpeg.dll

    • Size

      1.9MB

    • MD5

      62c084e4269078788f62275ba4b83b67

    • SHA1

      bd71d0beb10743dba93e9f788daeff194b4fb5ed

    • SHA256

      b26ece4f09ad918d2b5785e4dc448323ae697cbacde1d693253191ef59797702

    • SHA512

      ed8b9baa16571afe7299031573011d69d9e777d49d3499c0c7d35466a09cfc7985f4ed5e52fa16c84e3cb6090d66261c60fc52bd91b6fedb2eb1a45e7d959b13

    • SSDEEP

      49152:XrJsHhVV0X0sN5YpxeUy6hdaHM/yXlNQef7jW+l2v:XdsHhichh89XlNHfn/

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/libEGL.dll

    • Size

      79KB

    • MD5

      56b1ac325e3158dac97b5c741ca15f8a

    • SHA1

      2b19d9d58640a764279bce5ca9e4298dfafc250c

    • SHA256

      988150ba5605b001d91929dbda2d62cf4d5b78fa4bbadb4d288cdbfd434970a1

    • SHA512

      aae072ac1bee95d97b63064726d9ab96cc1df7c5b2b4fc1c4258a9c4528ec3c8737247ac4874ac840bd94f676be8e05c7d238543d308b72a786702f8c841cc25

    • SSDEEP

      1536:P4alhZJYUTOmaBu87JnsQoCq4HjYnsWMG2cdGZ0+N5K:BMM0GeEieGZh5K

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/libGLESv2.dll

    • Size

      2.2MB

    • MD5

      295240747d8ddf40a7b7f9bea7b1faa5

    • SHA1

      a6e932650d1f8815e44786bcbdbb5493ebca6268

    • SHA256

      c84b74b77dc3066952d5284eb83d38c579c4cb282070cff98a18f7e4fec01235

    • SHA512

      42b026166b7b905ad51e53599dee56e208186cace0781fad8168c3f9470cbc435bad6a9d94710bed1111f001e54903987105633a258e9903e8d1cae1f64b640f

    • SSDEEP

      49152:GF6K8qduL+Xnwc44vHWST5CKZzNIZlW84t9TD0Z5W39UkNYlcVM0NX+H0R2gPErd:y6VOnttvHE2zNIZlW84t9TD0Z5W39Uk3

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/natives_blob.bin

    • Size

      358KB

    • MD5

      16a819fdcc843cddfaa0f1d4c7d143bd

    • SHA1

      48d700ab8c8f22aef074d0a3c9f2b40a84a412d5

    • SHA256

      35d85320e2908240da1dc8a577da3aad702936999336a3dcc0576b00c13e9756

    • SHA512

      571f47911441ac31cea080a5d24a38351331dc5d8c9a09ef0ed7f61d439c4f81b27d4e25d73dbc64e192658d3e5415c42026e64cfd0885fb15cdea17cafdd9de

    • SSDEEP

      6144:BbmSHseCvxC56MQD6dDH9h/ehAzUoht5DZhlkEDLv5No6PxbddS:BbmSKChfzUoht5DZhlkEDLvPo6xddS

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/node.dll

    • Size

      12.5MB

    • MD5

      556cc9100112e47d573307aa4eabb997

    • SHA1

      fd4ae674fcd8837ffc0fe1b0653306350a16abfd

    • SHA256

      32206ef43b65fdebe90eb8a4c1a5b0f0914c1177d1b8610e810f3a2fe76db448

    • SHA512

      ca7b215cd1d534c131b33c8a56ec3d17522b95ea45582ed8464c77ec8684d18f3ab492be839bc0f6e94938fd4e30e654be3451d92ba84fe89034b46616bf0bce

    • SSDEEP

      393216:hQjnm9Jp1bPeRJk5k44pYGgDA2c8j46IPAI:hQjKp1bPeRJk5k44QDA2c8j46kAI

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/resources/app.asar

    • Size

      205.2MB

    • MD5

      92204aaaded1ed09814c547e0beb259e

    • SHA1

      df6351fe9d94f468f025a92684cc3ed0e370ea73

    • SHA256

      eb810afcb28b9e76496730e646ceb369e02a6efedbed5a7270c976651721b9b9

    • SHA512

      e6cbc1ce352c068c93fbe1533d7ca96b48ce11f87e77ece216c3371c62f85d4479322e5d2ed0451d1b88edbbede39b7835a141a1393bc6b098d24b42227f057e

    • SSDEEP

      393216:t8ffgJHWDbVzwvKpiGVkspClkPiHe8fIvIkC5O+3opPTqTJf:uVziGVmdY4

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/resources/app.asar.unpacked/draft-js-import-html/node_modules/flow-bin/cli.js

    • Size

      514B

    • MD5

      8578417fec52c543ee077f6d877ed9f8

    • SHA1

      7f75b2cc09cf971c681ec60b63857be3145f4f39

    • SHA256

      76d3e194796ca30c3842ae08ea868076d1e820930e1b1743680a9f42b9f148a5

    • SHA512

      fc9be1e301622847368f25412ad045845fe76dd425c74e376a911163c21f26337595d252e2edbb9349c40246560950181af545d049515d9582cef2041f367540

    Score
    4/10
    discoveryantivm
    behavioral23behavioral24behavioral25behavioral26

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/resources/app.asar.unpacked/draft-js-import-html/node_modules/flow-bin/index.js

    • Size

      380B

    • MD5

      3855087032b276435d42d5cad17b08a1

    • SHA1

      5b863c836ddd6a8a212a592ab63ee0234c410b60

    • SHA256

      75036a43d03d135265be2f731c9941405b180d1f574f44853ead98a33b7f5018

    • SHA512

      502e415b60c5aacd86a9859cea9739af62c3f9baf4135b47790892c91e731a63a53617fe1f53f2c1a2a5f3cacc18276feab1cead55b1e0c98c08c61829e9590b

    Score
    3/10
    execution
    behavioral27behavioral28

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/resources/app.asar.unpacked/draft-js-import-html/node_modules/flow-bin/lib/index.js

    • Size

      714B

    • MD5

      019eb74f0acba36ee65a14fc52089405

    • SHA1

      82432868212d27ce53a93cd8fd9b8769c3b985f9

    • SHA256

      ca9835ce04ae6361817d8057c1aae51fa61163baeaa070cf4f5934f3cbfe9c9a

    • SHA512

      de1a22dce6521ff5859cd97f6960758e425c7809030430fd572a15d7d6e497aea694fe126c5ccdf2f3ec0d800a058ac7d128ac7605027e2625e9150732a9e2f0

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      Hemingway Editor 3.0.6/App/Hemingway Editor/resources/app.asar.unpacked/draft-js-import-html/node_modules/flow-bin/lib/install.js

    • Size

      569B

    • MD5

      722f5425dd21e8dccc82cfbc64c2c2e0

    • SHA1

      8c94c35cccdb28b035f15b0caf65e182b3701bb7

    • SHA256

      728755e060d89cc1d8619cc428331b4b4e7f7097863ff81f04890cf760c9efb7

    • SHA512

      31eea8f54b137bacab0e0e553a19a6199d4de1eb948cf1cf54e8a803cd970868978a2970a00ca237d89e7e97708fb57d046e91cde92d17bd49ae44f587546dcb

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

execution
Score
3/10

behavioral2

execution
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

antivmdiscovery
Score
4/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10