Sunday, June 15, 2014

Mandiant APT1 Import Hash

Mandiant released an article on the importance of import hashing (imphash).
The article listed hash samples reported as APT1.

Google has hits for these hashes on Malwr.
Using these URL hits, MalwareViz created the graphs below.

The graphs look similar, with only one callback.
All are currently detected by antivirus.
Some show one dropped file.

Imphash: 2c26ec4a570a502ed3e8484295581989
MalwareViz
Malwr
Note: This file crashed during execution, so there was no callback.




Imphash: b722c33458882a1ab65a13e99efe357e
MalwareViz
Malwr

https://www.malwareviz.com/static/html/MalwareViz_5aeaa53340a281074fcb539967438e3f.html


Imphash: 2d24325daea16e770eb82fa6774d70f1
MalwareViz
Malwr



Imphash: 0d72b49ed68430225595cc1efb43ced9
MalwareViz
Malwr



Imphash: 959711e93a68941639fd8b7fba3ca28f
MalwareViz
Malwr



Imphash: 4cec0085b43f40b4743dc218c585f2ec
MalwareViz
Malwr



Imphash: 3b10d6b16f135c366fc8e88cba49bc6c
MalwareViz
Malwr



Imphash: 4f0aca83dfe82b02bbecce448ce8be00
MalwareViz
Malwr


Imphash: ee22b62aa3a63b7c17316d219d555891
MalwareViz
Malwr


Imphash: a1a42f57ff30983efda08b68fedd3cfc
MalwareViz
Malwr




Imphash: 7276a74b59de5761801b35c672c9ccb4
MalwareViz
Malwr

