General
-
Target
6210910726291456.zip
-
Size
671.5MB
-
Sample
211020-sys2eahca6
-
MD5
8c99ec9fe9c0e850825eacac09be05fb
-
SHA1
ffaf5ff589a1fb6f076b21031d4d83d2b73a997c
-
SHA256
929adcf731e730ee1251eeef8513fd774b1357c1c3e1da4d287722ed778434f9
-
SHA512
20b3ecadd9ba975be6ac7e24f30e24d184d66256360cfcd569e97514070aceeb62cba3c53d1963b3b34cbb45bf99abdeee3cc3b3bebf4416f92796780850bcd6
Malware Config
Targets
-
-
Target
03ff897da4bfb8bc549fdb1ebf7ee940bcb9b57fed7d26d83c45d1e9ec1f40b3
-
Size
7.0MB
-
MD5
4374755e7ce0c9c64bc1425ae7167bbc
-
SHA1
e2a2fff655b93f687b9f28a52913ebe616a7ba54
-
SHA256
03ff897da4bfb8bc549fdb1ebf7ee940bcb9b57fed7d26d83c45d1e9ec1f40b3
-
SHA512
873bf797f5b3bad34a3243b3dc15937832a0b3004da647e1a8020e47437609ab0791664158d7a9489f2cf6cf91daff59717f9160aa02eec27d41957fd91c6e23
Score7/10-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
-
-
Target
10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41
-
Size
7.0MB
-
MD5
d910657c1650393b1cfde998c574f413
-
SHA1
794bea89515536401aa7af5f48af11c5e7a7fc71
-
SHA256
10493d98a6e78b7bbc60a9aae5ce5fa1a67cdace2a6be41740c92e21dcdb5f41
-
SHA512
62dc606f624456cf7fb5c2c2b81b9ab9ee53239ca9182ef4e354f3b15ae8178dcf862395ba4c3bcd62963358dd8409eedc414bddfb83b3ff233c3991baceca42
Score7/10-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
-
-
Target
11747d3247254b7db3fb7d6b8c0b47d21546b208b1573a73ae20f46ca4131e67
-
Size
5.4MB
-
MD5
27c2ecaf69cd729d338c091d24864c49
-
SHA1
b175b803f451776a07932e40f7831cf8030699d1
-
SHA256
11747d3247254b7db3fb7d6b8c0b47d21546b208b1573a73ae20f46ca4131e67
-
SHA512
9f90219012c11149ce0c03409db8b25d679daba9dca9c44e27ea22282e036b00272497fb718ba22e2f93d3c268824596bffda09c6b47da6b35f9cf01c7509f21
Score7/10-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
-
-
Target
San11 Tc/Doc/Reg/san11_reg.htm
-
Size
8KB
-
MD5
2442dfcffec83a50ba70c60628511e56
-
SHA1
a8714bd7625ad524cf0983433a76550c01fa5e0a
-
SHA256
654ba8d56ca8193ac04928965a8f534fb088202b89bb61dfb5d557e0dad9e1d0
-
SHA512
7011f357a172307e3fd7cc5b71ee78c6f21c037483b71c72e6d84294b5fc28a6b5ee8c53ed05456bd50c818e0c55760913e5eead481530ab8bce606727c20672
Score1/10 -
-
-
Target
San11 Tc/DrvMgt.dll
-
Size
45KB
-
MD5
9b188e6f9fac4b8fb8d536015589df37
-
SHA1
a5247ec0ec50b8f470c93bf23e3f2514c402d5ad
-
SHA256
538471b7ebe7db84153d4ece0012167805333152c2bf1f83c08da28945e6d85b
-
SHA512
a6e2963bd09b0d39f7ca929ae2eba1639e6301a93755bd83f1c853f55c658936585f6171d0376ee4022a84c9be5383f4522cfc8277b51502147d88664c7063dd
Score1/10 -
-
-
Target
San11 Tc/LinkSan11Res.exe
-
Size
2.7MB
-
MD5
db509fc939b15b8f1276ed1c07bb98e7
-
SHA1
faaa5e7aceb02c14bb466320850697bfce0f39a4
-
SHA256
224657b8adef1a3eb9784d924a730751a05f9aa93b48628b1bfa1f058486169d
-
SHA512
f1db7985c312bd7715919506c6736a02f3956b91b6a8f1d75b1a7b693566dbd452e3b160d218a0ccc00645e60dcb06b9af95f5427b69cc67e57ccb16cfb6375d
Score1/10 -
-
-
Target
San11 Tc/S11Launcher.exe
-
Size
1.1MB
-
MD5
5e2be78e285732363a9dd483e5524d03
-
SHA1
f1d3580da8a87938cc5fe10d7e78e6d42e6d5bd1
-
SHA256
478bdfdd028b091ceee9fb54d9bf0805567cd87e1d6e2880046fda5d8fdc903b
-
SHA512
9e5b0e3c366aec158f3492fc9e83185c0d17a8254985606811d3a78d6049dcb4df0ffb77da6b5ee481b3ea00d1d91d81b937019a07b1b214192157b1fb787842
Score1/10 -
-
-
Target
San11 Tc/S11PKLauncher.exe
-
Size
1.1MB
-
MD5
7662056a81cf94ac65b19b0e878fa3ef
-
SHA1
9ab8b09336bc4a8259c8f8194b537d903211fd82
-
SHA256
19eb642299d3d803480bc5e12f7a933171b8dddbaf235caa75bbb0268d74d472
-
SHA512
81a56ef970b4020f338a9fc0d3a0a68d117fe687d9986bee7e549661c1f6b743c7f7d74730c953a0efe7b87daaa6a765c0bd9d69e94953c1d79bc35f0f1a944c
Score1/10 -
-
-
Target
San11 Tc/SECDRV.SYS
-
Size
159KB
-
MD5
07f7f501ad50de2ba2d5842d9b6d6155
-
SHA1
fc6fedacc21a7244975b8f410ff8673285374cc2
-
SHA256
60a8b320ab7d3a329e60911986905c2ca193e83e637976f29c78670dc287a6a8
-
SHA512
f018096adec5edeec9ebf8827e17624ba5d216aa0242b2b9b3630268dc279ca20da5d131b5ea197c4fd2f679b1830b9396cdf1d23d3e152495bef49ebfd87371
Score1/10 -
-
-
Target
San11 Tc/San11.exe
-
Size
5.9MB
-
MD5
07d46200af50166f44ed7208d3c65f67
-
SHA1
d9675b890bd29ff5274358083be77e9e361c7820
-
SHA256
bb0e70d0df97abb44faef927f36c2afe06bba148168aa39cc7dcf13b1ab9f651
-
SHA512
2c0757f14cea6bb7874ba82568ed4fbac61f07231924e2f9e6d26bce7df781e461bc3d9767fce445a701f43baed388929720597ac39f2c36e833dee57bff17c8
Score8/10-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
San11 Tc/san11pk.exe
-
Size
152.5MB
-
MD5
5183312eb33a7556fb5d8de8ca2fae91
-
SHA1
a5181c63f29d6fcf79bdc3d69780109654dd70d1
-
SHA256
30d33b44876b84a8e87570873a86de88c65d2491c7e1cdeeb5883dc4b12feefb
-
SHA512
2959710ac520b8fca69461c03f1206c74e75364c2794c81b4e98aa8e56e291d6816927fdbb38069693f3dca15131eabab2a0d643e555f7fe46db108ee3f9b54e
Score3/10 -
-
-
Target
San11 Tc/开始游戏.exe
-
Size
4.6MB
-
MD5
3d4b53eb549585ee077617f61072c6e7
-
SHA1
f2b4efe06ed35af3daf7b0bb1db302411f93682f
-
SHA256
b4538fc19c0fd8db74795d4983d17044aa722f30030a0501a247b2b195ba6363
-
SHA512
6d04931ec1c97401ec2c6d090594808ef64ff9e55c217235389783ddd0b72bc923c09a4469217699816320340d9242da70f9e5409a5887b7514628e8d4bf3931
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
-
-
Target
23c9e16cc6549ca05d349e7d04805309171cfe8a8426cdb7376f2a41b757a67b
-
Size
3.3MB
-
MD5
4b7efd3940f856057ffe8c16c5381cb3
-
SHA1
0eace6aed81b91ae898e768ad52d7f88ff15ff0d
-
SHA256
23c9e16cc6549ca05d349e7d04805309171cfe8a8426cdb7376f2a41b757a67b
-
SHA512
1b243473f5632dd2bf55c8cce07cea7a09c6cbf99ce4bae59bce7cb15b592db6ace590ba797919564845564d52fc66b3b34ec5bb2477bb81264d6ba06603cc9d
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0
-
Size
7.0MB
-
MD5
4e99a8966d8a05dd8f7032620d9a7a38
-
SHA1
285494be0f47a105a773b0acf49418f2c5f2d84a
-
SHA256
36a18ae31faa401de370fc7c808bd43f5f7af14c9f6f71cbd2aa9f8cca6555d0
-
SHA512
832a3f298124a22b5afdde372e6e8bae4e0528760888fb5eac2b17a1bc555690a6f064420cc5f6633a1cac4633eb615577b6d93821faa389bef9e2e616f5a025
Score7/10-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
-
-
Target
4109a062b38d66ee7222cd984120e056acd0f5dad490c623f411c8abb18796d4
-
Size
3.8MB
-
MD5
4c423ba66b81db192b360e4f02f38736
-
SHA1
b5da6c2909aeca8e14ec217ba2c17533faf3f8e2
-
SHA256
4109a062b38d66ee7222cd984120e056acd0f5dad490c623f411c8abb18796d4
-
SHA512
bdf9308647c07a8a21350993f57e5441acfd40d2c2825fd840eef7646d4de98bbbe89b85544b8ec3bbde9eb647b9a5408a953e87e70a15dcb7d9d05d3adef058
Score8/10-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
CW3.exe
-
Size
15.4MB
-
MD5
c67252dc22f8b34524d9fcc1256d738d
-
SHA1
56917892ceae7df9056f12b419aa8c5eec3f1bae
-
SHA256
e738a7ee12e2eafb48366e84f8cd089c4433d2a2223954f3642a1c71ce80e456
-
SHA512
351877cc61e747b8b6c24e72a2d183024d6b2e3333be5c47f2efa3941cc2298f972e92d7367226cdf0841fec4ca53fdde3a067ae75b4f5521ef9c5d4feded672
Score1/10 -