General
-
Target
宝妈做任务单被骗27万聊天记录曝光.rar
-
Size
623KB
-
Sample
211205-bednyaeeg7
-
MD5
3590cd0211742a869177f4641e4172e1
-
SHA1
67385b620d490aeef09c77f025be8f0628a76717
-
SHA256
1727f053b510b8de505a6f8ca1f7a7214ca1525e556a600ca890af00eccae81d
-
SHA512
ce8051450fd9722b135dbe2f6a7acf24165c2f3f3d1180098abeb10711ca088769dbd466dc120c703fc337b364f334c468e3f719dd0a6ce192dc4eab52a7b903
Static task
static1
Behavioral task
behavioral1
Sample
宝妈做任务单被骗27万聊天记录曝光.com.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
宝妈做任务单被骗27万聊天记录曝光.com.exe
Resource
win10-en-20211104
Malware Config
Targets
-
Target
宝妈做任务单被骗27万聊天记录曝光.com
-
Size
820KB
-
MD5
11985a5f1baa69c64d43dd67eee3b95f
-
SHA1
a579cc38d40fbc39d9d14d4b290cdeec433b0c45
-
SHA256
8f83e16612f5fd5db6d74da7a9de542becd19a52b3916380235c32adbf50ee7e
-
SHA512
d40113b6b467d7b3890be76dd34d831e7141171e3253c6d724e9e92b4138dfb93af7bfa336a240e25a333546860dab856b9942c95b4fbfd8ca55dd79696ba2ce
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-