Overview

overview

9

Static

static

6

[Dev] ¿á...¾.url

windows7_x64

1

[Dev] ¿á...¾.url

windows10_x64

[Dev] ¿á...QA.exe

windows7_x64

8

[Dev] ¿á...QA.exe

windows10_x64

8

[Dev] ¿á...32.dll

windows7_x64

1

[Dev] ¿á...32.dll

windows10_x64

1

[Dev] ¿á...b1.dll

windows7_x64

3

[Dev] ¿á...b1.dll

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    __Q Air [_____].zip

  • Size

    5.4MB

  • Sample

    200807-whgzvb1y16

  • MD5

    1d9d4d633e35986a838c48f4330f02b4

  • SHA1

    426c9fd36d41c69e80d31d8d783710e6dad4f8ef

  • SHA256

    341a30be185f9984fc4fb3328b8846f97499259f35a6d98abe32532b2c2516af

  • SHA512

    fa67cbf2a48dc7706e268fb840a0151ac1dc96d6bfebca077d767ee3d083e79b8f822996497d3e14a70f9a2cca1070c44bac0df8b5ade9d8ad026737bb511909

Score
9/10

Malware Config

Targets

    • Target

      [Dev] ¿áQ Air [Õýʽ°æ]/¹Ù·½ÍøÕ¾.url

    • Size

      113B

    • MD5

      90aa8423402de05ef4d511d9c4f5470c

    • SHA1

      0d4506efea1006d8f88a6b6deae55ebb80f9e7d7

    • SHA256

      c5b44f40a62541faee02b4598703647637a6866b839aa9c7daa53af63d04968f

    • SHA512

      160a0c9750c95884285733c34e0311139902f76e29f8c898e95ec915743abb3336948fdbd5677cf5d79df097de5f5daa2bd82c7be7a31a70095e9e692a7fd673

    Score
    1/10
    behavioral1behavioral2

    • Target

      [Dev] ¿áQ Air [Õýʽ°æ]/¿áQ Air/CQA.exe

    • Size

      5.6MB

    • MD5

      6aa36f386a3e645f67cd6945374b8ea8

    • SHA1

      17f6d3dedfd6afe56135d3a2e7ae3a7d120151ca

    • SHA256

      39599008089755aa7cccb534b2c94ccb537f266018bb67ae3ed4b9f51c0a40b9

    • SHA512

      87f59bb1a8d6887fa967d811e2db70c2bfb9bf9673347c6bada2d03f1e3371fbe05e7853a063a90df71627f9ea803d83c71c89b88859199f5a28e2c05e38d706

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      [Dev] ¿áQ Air [Õýʽ°æ]/¿áQ Air/bin/libeay32.dll

    • Size

      1.3MB

    • MD5

      075b70241383faefb0fe44d07090eaf0

    • SHA1

      ba59b7df027bfc04f3add8c08bc408a927acc32a

    • SHA256

      e886954dda4cecdf16fdf8c45d5062692c2051dac2b0f4a8e288480ff9b99b61

    • SHA512

      aade3d10d2d956f5f1742695f01f969d8476cae078d4caacb20f6e63ccdee6c14f5e8c5a5ffbee63f23d1deff3db24b414a445b88e8c73038d7e7a66dcce9c95

    Score
    1/10
    behavioral5behavioral6

    • Target

      [Dev] ¿áQ Air [Õýʽ°æ]/¿áQ Air/bin/zlib1.dll

    • Size

      105KB

    • MD5

      b8a9e91134e7c89440a0f95470d5e47b

    • SHA1

      3cbcee30fc0a7e9807931bc0dafceb627042bfc9

    • SHA256

      42967a768f341d9ce5174eb38a4d63754c3c41739e7d88f4e39cd7354c1fac71

    • SHA512

      e8583ea94b9d1321889359317e367abc88e90e96d0d9243258244a527ffa2b13ab97d0787693ca328960ceb934ea11eefd14abafd640a654473c26e420d2ec54

    Score
    9/10

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    behavioral7behavioral8

MITRE ATT&CK Enterprise v6

Tasks