General

  Target:  1b2bc5e892dc850638286810f2052f14a09a13d5838906c44c6b83480e12a553
  Size:    885KB
  Sample:  220607-yadjpsefbp
  MD5:     3194807169253663df84e18eebaa4a9f
  SHA1:    79b105e7bc4a15ac8512c2365880c3fd69d3cd32
  SHA256:  1b2bc5e892dc850638286810f2052f14a09a13d5838906c44c6b83480e12a553
  SHA512:  a42c78a4a32336aa963df6dcb47f97e6420f7cf355852f4f37d31afa2a4b01d3305668cc7ed133821ddec36945a4637ddadc7cc360af53e4137ec505c9f60c02

Static task

  static1

Behavioral tasks

  behavioral1:  ?????????????/??????.url  (resource: win7-20220414-en)
  behavioral2:  ?????????????/??????.url  (resource: win10v2004-20220414-en)
  behavioral3:  1/????.exe                (resource: win7-20220414-en)
  behavioral4:  1/????.exe                (resource: win10v2004-20220414-en)
  behavioral5:  1/www.xiaodao.la.exe      (resource: win7-20220414-en)

Malware Config

Targets

  Target:  ?????????????/??????.url
  Size:    219B
  MD5:     122e953f3a92541c27cc62db2d9bb0f7
  SHA1:    5c85d98b4bce0daac9631297ddb00b005161d131
  SHA256:  5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd
  SHA512:  77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583
  Score:   6/10
  - Adds Run key to start application

  Target:  1/????.EXE
  Size:    108KB
  MD5:     4896192ec4694990e55771cb62319761
  SHA1:    13c06c5419936f9afa253935f6cc36f0cd5f918c
  SHA256:  12961fc98232445adc5166ef4b5394f8b0400e3b04aceb4aac481692e222e48b
  SHA512:  bb7057e4530e4f4538809873bfd556a1ffbbb1b2841a93498b43d8ff5c3a98ce0aa3999a9213aaa2f4182cb30f9ee444ccac89015ef841e40e5325736056fd6f
  Score:   1/10

  Target:  1/www.xiaodao.la.dll
  Size:    1.8MB
  MD5:     9e32a63292efcf3bc85001b842a93bb0
  SHA1:    ff2e9512bfcc337707ececa1c8e341b44528215f
  SHA256:  51d0a9c432e39a64aeb84fb705f769086c45de724393880c1aaebaf84c924217
  SHA512:  63dac8b93f0d54d3b52bc3b8c79efcedbc5a6f9ee305e342f9c5515821bc7edd6a73c75ee6d1a51f10d7548969c44c791210629fbad7129545291e881842edc6
  - Modifies firewall policy service
  - suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
  - suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup