General

- Target: Pvt Hooks.rar
- Size: 7.3MB
- Sample: 241130-gw1gxs1kdr
- MD5: f2f2bc99451966cbe5d3eac82d04c192
- SHA1: 91ecfd21be0f9df10ace16606a8e83063d20aece
- SHA256: 899517a9868cd13a0598c60129bc8050a0d5afc6259c9108a59c8a7f26a1e2ed
- SHA512: 39dfd96ceb1fb11745ed51b6ee0085a4dd94a563490e5ee4b313838615c373de282b75247eefcfaf1d514d5bcf3336783832046e216ed8adf69cfadde4bb63a5
- SSDEEP: 196608:EXHOAPIky5foxxnbmG5B5oMzdt5CmfdTyb/XE:EXOAxJ3nCqhzZfd+r0
Behavioral tasks

- behavioral1: Sample: Pvt Hooks.rar; Resource: win7-20240903-en
- behavioral2: Sample: Pvt Hooks.rar; Resource: win10v2004-20241007-en
- behavioral3: Sample: Pvt Hooks/Read.txt; Resource: win7-20240903-en
- behavioral4: Sample: Pvt Hooks/Read.txt; Resource: win10v2004-20241007-en
- behavioral5: Sample: Pvt Hooks/ascendhookopus.dll; Resource: win7-20240729-en
- behavioral6: Sample: Pvt Hooks/ascendhookopus.dll; Resource: win10v2004-20241007-en
- behavioral7: Sample: Pvt Hooks/injector.exe; Resource: win7-20240903-en
- behavioral8: Sample: Pvt Hooks/injector.exe; Resource: win10v2004-20241007-en
- behavioral9: Sample: .pyc; Resource: win7-20240903-en
- behavioral10: Sample: .pyc; Resource: win10v2004-20241007-en
Malware Config

Targets

Target: Pvt Hooks.rar

- Size: 7.3MB
- MD5: f2f2bc99451966cbe5d3eac82d04c192
- SHA1: 91ecfd21be0f9df10ace16606a8e83063d20aece
- SHA256: 899517a9868cd13a0598c60129bc8050a0d5afc6259c9108a59c8a7f26a1e2ed
- SHA512: 39dfd96ceb1fb11745ed51b6ee0085a4dd94a563490e5ee4b313838615c373de282b75247eefcfaf1d514d5bcf3336783832046e216ed8adf69cfadde4bb63a5
- SSDEEP: 196608:EXHOAPIky5foxxnbmG5B5oMzdt5CmfdTyb/XE:EXOAxJ3nCqhzZfd+r0

Signatures:

- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Clipboard Data. Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation. Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
Target: Pvt Hooks/Read.txt

- Size: 122B
- MD5: 93005aeb91e3828c182a2163048c446d
- SHA1: 37f8dbb807b2658ac34f4c1404c9296fd9e9cd85
- SHA256: 76abdc837b9cbfdb26611f7418df14870d16233b343dd3a6a50015d87bc8c7fc
- SHA512: 93f1c8e35112df22c0bf54d07fe07275ecb96a838741723e8749f8b2cf6bca65561c04546e5706b0d193744714e19e33f008bab052bcc75be8a733e06fb8ff4b
- Score: 1/10
Target: Pvt Hooks/ascendhookopus.dll

- Size: 4.8MB
- MD5: 8649ae5a732bc808f228677b27a1e9b6
- SHA1: 95775c451ed9604d9753465d8cc4d52ca1cb58a4
- SHA256: b39781589c4403fb82174c9647a010464cff38bad976547d339899b00053a545
- SHA512: 9b6e678f35f776c7a14b35998c4a5682c26de1cc59347c55f3744d216a9ba038d077317fe5a80d6de1903f9788f7ab58c04535213b43777b0003b857800d4525
- SSDEEP: 3::
- Score: 1/10
Target: Pvt Hooks/injector.exe

- Size: 7.5MB
- MD5: 5ac349d31df2f8659f3cbafb6c364d63
- SHA1: 6b897500c22044917fae28b0bfacdf06fb2c9a81
- SHA256: 38fe07cf164f35010e97497f66a0435b77b625e69a4c211c8c3b111c4afedf5a
- SHA512: dea18006743d2e2abfd647f43d24e263aa3725eed1e61b53610fa4f85b7882aced03122dfb7c002e78930772a264befe03568404b62ca50cf290f4734bcf7bb2
- SSDEEP: 196608:eNxHcLjv+bhqNVoBLD7fEXEoYbiIv9pvvk9fIiZ1ju:GsL+9qz8LD7fEUbiIqQgpu

Signatures:

- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Clipboard Data. Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation. Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
Target: .pyc

- Size: 1KB
- MD5: 704b08b03b3634ccc8dfd4f9113ac694
- SHA1: 6d73ae488e664ad5210340bbaf2c298158d6572c
- SHA256: ef1a4d73b6b2c916f973e751da330a9ce4171a06dc55eec2eedfb8a2b11308af
- SHA512: 940c3431dd929cbb7d43532851ffb07f109964102385aae485e7897f8cc22b55e0420558f7ba53214fa1927e5cb34d1a0a1c9991164f62bfbf5fc812c2fc650e
- Score: 3/10
MITRE ATT&CK Enterprise v15

Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Obfuscated Files or Information (1)
  - Command Obfuscation (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (3)
  - Credentials In Files (3)