General
-
Target
Haven Executor.exe
-
Size
6.9MB
-
Sample
240705-tqp58a1fjk
-
MD5
eca3c967ed1828a91a4411bd28a903b1
-
SHA1
adf2cb27d6a09a8c3d91960bed5f0efa912a7706
-
SHA256
adb1f10f276c0a60aa85cc5b87b14214b225c102f154b5f7841ff642371bc6eb
-
SHA512
6efc8701b02654062266697200ca9cdf755db12ed5c186b599ff2e408058c98a051c25e730203a822ca4f9d63eef555d5fdd85bb095263ba2537581cd5a440e7
-
SSDEEP
98304:ByvITBgZ8SlBamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkz5Zs5J1n6ksBnrNcy:BQIXSueNlpYfMQc2syhn6ksVD
Behavioral task
behavioral1
Sample
Haven Executor.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
Haven Executor.exe
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-