General

  • Target

    MHDDoS-2.4.zip

  • Size

    42KB

  • Sample

    241222-ljvs5asqcz

  • MD5

    cdc757c00733c6d1b88f7d88f01af99e

  • SHA1

    d73b6274a9f2e213f8e979073abca5c6383a83e3

  • SHA256

    61a1422d91e70bce28ce695075bce73d75ecf574f494e7416f217d4e6238a305

  • SHA512

    26f849233bc4c0d8fe5ba31519170eaf8eb3f6c7c7df533af9a20253e900971153d8317e4030938c4073899c15502af56b1733fc9ae118c8ebd5a5e85542e0ba

  • SSDEEP

    768:SfOtMycGcvoKv2s/cKrhmnfHvOclr/b8gI/KKF6P1WLrTbvKAlW4GTI1qfqbdw7D:Smt5CZPt0DzogItLZKK/5wrxwo

Malware Config

Targets

    • Target

      MHDDoS-2.4.zip

    • Size

      42KB

    • MD5

      cdc757c00733c6d1b88f7d88f01af99e

    • SHA1

      d73b6274a9f2e213f8e979073abca5c6383a83e3

    • SHA256

      61a1422d91e70bce28ce695075bce73d75ecf574f494e7416f217d4e6238a305

    • SHA512

      26f849233bc4c0d8fe5ba31519170eaf8eb3f6c7c7df533af9a20253e900971153d8317e4030938c4073899c15502af56b1733fc9ae118c8ebd5a5e85542e0ba

    • SSDEEP

      768:SfOtMycGcvoKv2s/cKrhmnfHvOclr/b8gI/KKF6P1WLrTbvKAlW4GTI1qfqbdw7D:Smt5CZPt0DzogItLZKK/5wrxwo

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      MHDDoS-2.4/.github/FUNDING.yml

    • Size

      125B

    • MD5

      69ea66cae71d0ecc263684b557448197

    • SHA1

      39baeecd5f8c1b57527e09ee927df56eddb442b8

    • SHA256

      11b2a333d8d5b29fc9324a8684957dbb2ddd1ed2326b0758ec5d1d630e3f9f8c

    • SHA512

      f3d4dc9938fa6c2ffd55af2158f1910d38ca9b34872b8d95f04398b73dca5d7cc1f3a28cb5ae5c77dcb3241f8e49e55697e31c340ba87ecc7d7af4352db94fee

    • Score

      3/10

    • Target

      MHDDoS-2.4/.github/ISSUE_TEMPLATE/bug_report.yml

    • Size

      2KB

    • MD5

      25b2deaa314bee20c67292d6025bc114

    • SHA1

      06809a2aef3154e1d002fa1ab750f966aab2ce59

    • SHA256

      6723d4ffdcfca2a3c75e71312232819f677b7a01e514e8ba73bffeaa28659a64

    • SHA512

      2cf3d0620f1772c26f1db0821363d3958e902827d7486d310746d794543684e97ca21f3b16596689716349b97a40d2a3a592f3e1de8d201e10ee6fe6c622aff1

    • Score

      3/10

    • Target

      MHDDoS-2.4/.github/ISSUE_TEMPLATE/config.yml

    • Size

      172B

    • MD5

      3653e368625212296b65e9c595d37a69

    • SHA1

      72ea9b5da17975fa0c4a532ac90af695f988fc52

    • SHA256

      970c0dda0aa36dbfac744dedcfad932ba4736665849ee06c2df84be990ebee34

    • SHA512

      a653ef82328026351e584d9737bc09447db0bcbbc0648633365550326bc8fa44b7b7db12398f9deb41459c233bacebf70e78bfe240a9acfd5718ef18bf92aba2

    • Score

      3/10

    • Target

      MHDDoS-2.4/.github/ISSUE_TEMPLATE/feature_request.yml

    • Size

      1KB

    • MD5

      680511c3c3279ecdd90f8ae3e0693e52

    • SHA1

      a7fe4f69397f2f9b83faf2dc99f38dbc09e5479d

    • SHA256

      b73780a4ce64a133ec19109b9118d5e24979dbc27bf89a1a70ed8277708db2a9

    • SHA512

      532fe3509d9dc3453766937d7b2327d4e9d749b6ea87440f39d452f619c599a5808ce5691d1dd44346e9354febe22d2eaf10ad02e162b452068d08000caf9de9

    • Score

      3/10

    • Target

      MHDDoS-2.4/.github/dependabot.yml

    • Size

      311B

    • MD5

      70f96633e0e5db83a94a27f5b9decb80

    • SHA1

      13a2fc58f1c5fb4af87efd1e60411091d1614f4e

    • SHA256

      4635fe9ecc603c732620e8d115232e17213cb9e6dc837b4e0a610870483b08c4

    • SHA512

      a17b46a7be61fb4686da6e3c47eec1cf0034c4e2a4861f456b927ca741814acfd8b1192271134c05ec5e89b8023be3eb63861748cb50dd2d05e334185d9b7f77

    • Score

      3/10

    • Target

      MHDDoS-2.4/.github/workflows/codeql-analysis.yml

    • Size

      2KB

    • MD5

      72b2d50b0371a821410e02ef8ee24259

    • SHA1

      1ba7ebda62041bce7ae7f494a4c0be688a8b3d79

    • SHA256

      16371d95e982adb5d89f9ce911b8583a68a48a6a1b854f8b8c14101c534f09dd

    • SHA512

      b994df61fb630b3cfc543f94cb2acd5301091410b421e8c335ef6c2d31bbf199918f0d98a3352d2e3565f07854826eb22159c0f8004aa27982f3bd0b3dea92b0

    • Score

      3/10

    • Target

      MHDDoS-2.4/.github/workflows/docker-image.yml

    • Size

      769B

    • MD5

      0f13785a7f54e4aedf254cd78fd147b6

    • SHA1

      aec94dbb0d53daec051b7c17cc42d3c2eb8bfc7b

    • SHA256

      d8723b1352ab152ac08f849fe2c6e2a17cede4d9a764ae9a55c7eaa3ddfac7b3

    • SHA512

      d17da55b50b89d38263e6485e0be7effe19c2dc410e5bdde9a8aef136ca61d511ea28df2e5d39f49a99a25ec0ed0e87c96d561d32aabd11b0f67b083fbc2a56c

    • Score

      3/10

    • Target

      MHDDoS-2.4/.gitignore

    • Size

      39B

    • MD5

      2079998547fcbac998441bad89349f1c

    • SHA1

      2d90e9bb58f0201ec5722e2b3654597c1031227c

    • SHA256

      653bbe82cb4a9b6e8730c830c70a7841f2cfb230dc410d73f2ac35e653b64689

    • SHA512

      0c5b304798724abf04dff542f25c4ed6ce3dc3a8fe2086526c2e247b3cb91d0a5db365b64a9893ff1ea82ae9419485df0ce37019143ffdb16d40131615b834f8

    • Score

      3/10

    • Target

      MHDDoS-2.4/Dockerfile

    • Size

      147B

    • MD5

      d736d63f8f3de092ae7ebc11b3d8ebdb

    • SHA1

      e216396587dc0b453c5178d1bd5ca7d19653a1f0

    • SHA256

      15b00a563a3967740ecbb51d4289bee7b9c9e767535ec4864a6f033f7fbaeabc

    • SHA512

      6f364cc86c3829770dcc00ba270005568684f66bfc221c578607b8877fbcb15e620a422aeda1d9695a761c2cc5596738a59bdb633ba7a2593169e864ff82634d

    • Score

      1/10

    • Target

      MHDDoS-2.4/LICENSE

    • Size

      1KB

    • MD5

      fcb54f3d61e276e8a29803cc232fb7be

    • SHA1

      cefadfb196644f3cab5747e7f157b6cba83b0517

    • SHA256

      32017c04e8cfad57bd10af4c094f32d547a70b623210cebffce670ebe40dbd31

    • SHA512

      04ab5884ad5b6a6f93dd18bdc942a3166432204c4caaacf3e721d7d0b1131e3dfe2a59df075c0181f3fa09254e6ac8a9586ac074e4207b6f224b3f4408665439

    • Score

      1/10

    • Target

      MHDDoS-2.4/README.md

    • Size

      9KB

    • MD5

      7f6f963b6e685bef31e6df58ecc15785

    • SHA1

      054bfe9600cda391dc05e91e552cd06d49fd03a4

    • SHA256

      c939d0f555cdfc92dddb953d984ef2c6680f2da0f849d0abbbd51107884991c7

    • SHA512

      42e5b740e1dfc428ef721c7de8de96fc9ed5e018e1f03d04d2ce691c525560339af5746a047026d8794082352c98dd4b441f327c8f4b67fa98288ab0a72f8fbc

    • SSDEEP

      192:U0Lf8Lj0W8hG+ge8Sv+j6gr1yt+0cBe0xZUUjVmNyDN3WFuQXMA3NCKElk2x1:U0LfUWG1eIi/cBVMUBmNyDN3WFBh3/EX

    • Score

      3/10

    • Target

      MHDDoS-2.4/config.json

    • Size

      6KB

    • MD5

      eb7dfa5dd0619f8ab067d8d3bb046f11

    • SHA1

      6c7b3365ae8789440d58ee2ef09c14dee3780899

    • SHA256

      771218fcc0fdb77ba4eb2a4032c3d245cbf7f0b26c6ffa786780f07fa5fb57de

    • SHA512

      57c170d4aca46d349b0e7ca242e37d875ec7614fd07bffeb772e78fa0da7a03be8730704e891214b91eb2535d172cc4ab05e5dcbb199649a97060fb99c77e603

    • SSDEEP

      96:63JXTTzKMkFy3vT7KMkO3WKSiITzOp/gIq+e/z:ulzKMfHKMHWKpSTT

    • Score

      3/10

    • Target

      MHDDoS-2.4/files/proxies/http.txt

    • Size

      1B

    • MD5

      68b329da9893e34099c7d8ad5cb9c940

    • SHA1

      adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    • SHA256

      01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    • SHA512

      be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

    • Score

      1/10

    • Target

      MHDDoS-2.4/files/referers.txt

    • Size

      41KB

    • MD5

      70ff1db80cce021631c894497407697b

    • SHA1

      0e8b7a13c15ee6048e857eafc5dca04ab800b13b

    • SHA256

      18cea4d3602cc35c65fd838da3d9995f9839fe3b61b8d5576b8f4fe4f79792f5

    • SHA512

      2d36ea34c74fc85bdab7edf387461669621c0d8872d58705523edefd8f27d7a863e6b65094c1fa8d17bbb0b54c3de88da63cffab371291c179a84800ecdb367a

    • SSDEEP

      768:1OfB+5A3gNuq3LpOfB+5A3gNuqB/n5B+Yr:1t+gNuq3Lpt+gNuqBLr

    • Score

      1/10

    • Target

      MHDDoS-2.4/files/useragent.txt

    • Size

      81KB

    • MD5

      9301d0eec870d631d5d052d481c0896b

    • SHA1

      087f65e81695092d0ceffaa4746103450020fc9a

    • SHA256

      a89e45028b06a250b8da482aec4b6be3b1d5f261f26f50dc6257223629764f84

    • SHA512

      a539773c8aa9e47ce3ce69438b3f62a2a2f727582b59a32e6a78212bde4e16723afce82d66294055186c3ce552801985de823d31ec07d329e40c82cead38ec17

    • SSDEEP

      384:lVL5hz1ulLTWf9N94H+igVdtwzdVoXrWQ/IVStnKdiopc3hXwKXKa9dY+DzNLYnj:ln43w9XWAnqiopcxXwa9y+DDq

    • Score

      1/10

    • Target

      MHDDoS-2.4/requirements.txt

    • Size

      175B

    • MD5

      a75eb471f09a64c0a25fa6dc89fff392

    • SHA1

      f7bed2bcc5c2aa48f92371a38bfe8ec302468973

    • SHA256

      e2035ed611e4cae20068e86b400d441f2ddda034eb067ea549696ed38dca919f

    • SHA512

      61e2a87c99472f04ade797799450ece3fc4f1664750235c6163c1c1d1a9f67cabc29ccb201c1b1679096f6667912c9d783919c4c89a14811942023d47a1dd4c9

    • Score

      1/10

    • Target

      MHDDoS-2.4/start.py

    • Size

      59KB

    • MD5

      fb0a5754c1eaf460d1df829b9ea054a6

    • SHA1

      d3e53a2648c408324832ada82e2798424fab180d

    • SHA256

      4a9338960064e349281cad644d3f384c30035989fd4e15c12475601f6b05dd0f

    • SHA512

      12b041f21a13691ed70850c25c1bdc5ccc2e5eda23ee1a62cce8b04934fb21e96528380c1348e383c4f7ee65388bff7bb2495e60d162134c99ce449a38adb50e

    • SSDEEP

      768:kNNg2M4T6salJT121Gu6bkWonR3pE1NlgCtKg6go:kL3palJZIGXYWoR52gCtzDo

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks