General
-
Target
PvtHooks.rar
-
Size
7.3MB
-
Sample
241130-gyy2wawpcv
-
MD5
f2f2bc99451966cbe5d3eac82d04c192
-
SHA1
91ecfd21be0f9df10ace16606a8e83063d20aece
-
SHA256
899517a9868cd13a0598c60129bc8050a0d5afc6259c9108a59c8a7f26a1e2ed
-
SHA512
39dfd96ceb1fb11745ed51b6ee0085a4dd94a563490e5ee4b313838615c373de282b75247eefcfaf1d514d5bcf3336783832046e216ed8adf69cfadde4bb63a5
-
SSDEEP
196608:EXHOAPIky5foxxnbmG5B5oMzdt5CmfdTyb/XE:EXOAxJ3nCqhzZfd+r0
Behavioral task
behavioral1
Sample
Pvt Hooks/ascendhookopus.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Pvt Hooks/ascendhookopus.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Pvt Hooks/injector.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Pvt Hooks/injector.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Pvt Hooks/ascendhookopus.dll
-
Size
4.8MB
-
MD5
8649ae5a732bc808f228677b27a1e9b6
-
SHA1
95775c451ed9604d9753465d8cc4d52ca1cb58a4
-
SHA256
b39781589c4403fb82174c9647a010464cff38bad976547d339899b00053a545
-
SHA512
9b6e678f35f776c7a14b35998c4a5682c26de1cc59347c55f3744d216a9ba038d077317fe5a80d6de1903f9788f7ab58c04535213b43777b0003b857800d4525
-
SSDEEP
3::
Score1/10 -
-
-
Target
Pvt Hooks/injector.exe
-
Size
7.5MB
-
MD5
5ac349d31df2f8659f3cbafb6c364d63
-
SHA1
6b897500c22044917fae28b0bfacdf06fb2c9a81
-
SHA256
38fe07cf164f35010e97497f66a0435b77b625e69a4c211c8c3b111c4afedf5a
-
SHA512
dea18006743d2e2abfd647f43d24e263aa3725eed1e61b53610fa4f85b7882aced03122dfb7c002e78930772a264befe03568404b62ca50cf290f4734bcf7bb2
-
SSDEEP
196608:eNxHcLjv+bhqNVoBLD7fEXEoYbiIv9pvvk9fIiZ1ju:GsL+9qz8LD7fEUbiIqQgpu
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3