General

  • Target

    0144e2332f61b55f9053d9de8fa7deddd7e311518331e38fa1d4f11b4eb54d11

  • Size

    676KB

  • Sample

    220916-khyb7aaham

  • MD5

    e3f2d02a06df0320ef774bcfc9daecbe

  • SHA1

    756872205673ec3ca4921963734f934c1500e451

  • SHA256

    0144e2332f61b55f9053d9de8fa7deddd7e311518331e38fa1d4f11b4eb54d11

  • SHA512

    6eeb77c0838446153f84f988659b28314e2e8cd227cf3c89587799dbbb9330b5ca2e094ba821c9587c0c0f6516cf7542f51925eb511de7778d474063a436a800

  • SSDEEP

    12288:YLxk2ZulfObXEAfikJQKTpHBj3QSaEWBKlkKIpSoNHcAEW1DJjFqIcae+d3CoTzc:Y+2ZulfOboKTpHBbxWBa5IIoqAfNFFde

Score: 8/10 (upx)

Targets

    • Target

      Admin.exe

    • Size

      105KB

    • MD5

      fc8af211dd45ed49e1b07a5101b732b3

    • SHA1

      89015678edbf392907268f5a789b75fefe4d5d1e

    • SHA256

      2b298a57dfe3d971a3b27fc2e63081ecb7bf45477ea7365a76f6625e623a7573

    • SHA512

      4bc6eadbf69d40179495051ec1632b59f779e3a4e12f6281e1e2bf03b8a5e19e14e358c9ba98766d0a2fb9fa16fc95dbff29ff3a199ce6ea6eac353e17c3023f

    • SSDEEP

      3072:5B9wUGYQN2XD6UdlMoutuD/MM086dAHXhaaRQuXX:5wUdX/MoSuAM086QXhaaRQuX

    Score: 8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      CMCC.exe

    • Size

      104KB

    • MD5

      1a6f054f9e6c1664f28a7bb58318317f

    • SHA1

      5f93cdca63cfc508f4b99af0eb6947bd43623eb2

    • SHA256

      57bc4477da749874902c4b3ecceafeb2f57555156c64dd19fad7819d6d9fa70e

    • SHA512

      de2390a5b72daba534a133c986d4f5dc1cc713d09cfd9852ed58fdaee80250e2879b1dda310701805f7776724f5c2dc9572d63217a035544c62f99037f9cd685

    • SSDEEP

      3072:nVZ/VGS7rN+6mOoutUD/MM086dAHXhaaRQuXAu:nV28o3OoSUAM086QXhaaRQuX

    Score: 8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Ping.exe

    • Size

      51KB

    • MD5

      e133f452a43e815db1c739efb9634015

    • SHA1

      05e339f408e38dcd70f2a99de25ea5ee14b3ee21

    • SHA256

      3d4dfafe4ffae3f6c9b2d6008306b6b8dd2442da0346d07e18cd0acc9adaece2

    • SHA512

      9ba5378340f556029e7906c1c48e483976b25602c6ddedeef736ca25084fcd93e8b57501a7dc40346429ae0095a17faa9c72aace69621daf2cc51817b8de0c08

    • SSDEEP

      1536:TEiBwAw/cGYQi1y2QNAx1FcLD12Qs7yGVd7Ugx0nouy8sDO:pB9wUGYQN2XD6Udv6outs

    Score: 8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Pon521.exe

    • Size

      105KB

    • MD5

      6a1e28ca4d61417b5f5949ff32100742

    • SHA1

      6b9c11d15feead7a96767453226cd9751af920c8

    • SHA256

      06a14ebdc7d76feb2fd547077d96a627f2c1d30264f097d2c8f7a499844310ea

    • SHA512

      e201591195df577955e943df107deefd256a2f65543bcc370deece2bed64a58d529061311aa8c7518cbdfa8e8eae3993292a5882bd7fa93b6c02645d7823f3e6

    • SSDEEP

      3072:UB9wUGYQN2XD6UddoutD4D/MM086dAHXhaaRQuXT:UwUdXvoSD4AM086QXhaaRQuX

    Score: 8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      PtFtp.exe

    • Size

      105KB

    • MD5

      60de0561ae3c5abf73df0158beab8a45

    • SHA1

      9157646d78d88a9664371b0b98adf0045ccd76cb

    • SHA256

      327b97c8556c372de1838f47995e7b7abdc72834aeab7abdbdef8f6ec04e782a

    • SHA512

      e11d900c3f828b43ef56cd693b355f5075722f191c3d897c76712d57654894d861df67b3abc3d64b6c180fdbe17c0ddfb4d063868a661c4c1fdcb5a6eb28b141

    • SSDEEP

      3072:nB9wUGYQN2XD6Udaout6D/MM086dAHXhaaRQuXf:nwUdXMoS6AM086QXhaaRQuX

    Score: 8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      SKD742-C.exe

    • Size

      106KB

    • MD5

      0f1b8b17969f6dc66f15efea9f5c7e70

    • SHA1

      4f121e370ee756109d51bf9227200bb591cb3c20

    • SHA256

      b9ec4ce2969cef670f2ec182a5f64de79440d7d4f42bc10260dbee0b53490ae1

    • SHA512

      75a3097c46b4ed4fb2e1a6a8c66649f778fdefcee66af75c841af565ef5a0bfb110a96a5476819552b2ddac84476cbcc06d3c38069a6748ac65829ca77305a8a

    • SSDEEP

      3072:1B9wUGYQN2XD6Udi9outcD/MM086dAHXhaaRQuXv:1wUdXM9oScAM086QXhaaRQuX

    Score: 8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      SecureCRT.exe

    • Size

      54KB

    • MD5

      42a194fa2503ed18271ca6983f95df79

    • SHA1

      b2f792bc3686f93ee0350f5260d04a38db0bd78a

    • SHA256

      18cd28c0fd1c0b12877a0737c064bf71ade7fe04220b017ccbc0f91af5bce4e3

    • SHA512

      ae5a0285acd87b3991ddaed21d9bd96e85c8531305eca25dcf51837f5a0f12adc55f2e48901d98bfde2ad2f1b5af4cb4468f08e51a696c4c49e54bae685ff502

    • SSDEEP

      1536:PpfEKNCj6VoJl9Go5K7s4Nu31nouy80BlZRO:PVZ/VGS7rN+tout0B7

    Score: 8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      TelnetONU.exe

    • Size

      47KB

    • MD5

      af5b86722a8206c151eabdbf27e494fb

    • SHA1

      9033d53c59f0c90acb88e603b24fcf0d8384a562

    • SHA256

      05983b1b682b2b51f3ff93dd09a725debac0d3c0976dbb31fadd433aa2a2b42f

    • SHA512

      af2e09fb8bc08d98658552773efb4cd6fd6750d1a0c944892f04f38685b0b042493082d9b2636fa22946c1767f8095f1c66118e2cd6d5f2cd4f8083be6b9fd7b

    • SSDEEP

      768:apm7BcEKNvBcvL6VeRNL1a6ZO4PTPz+o+CKr3zQ4NuVVWgP4+zMI3sntjnbcuyDc:apfEKNCj6VoJl9Go5K7s4Nu3GI8ntjn9

    Score: 8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      User.exe

    • Size

      105KB

    • MD5

      92caf82c2861e8ad515671e35118796b

    • SHA1

      0c77c46b5b27f607f3dd774bdb64a231f5404f1f

    • SHA256

      7a9e0234b18a406cb8893d8af049a38e7451cd7bfb4204ce3ebee94b2eacc389

    • SHA512

      fa40690d3aa936334b7c5cbc1f4bb35c761ac8090ff9d3386f35ca46f5ab5ed32e6934fe0e4ab7af00559e1f8386717dd5e64cf633141128957a7ad1dfc8afa5

    • SSDEEP

      3072:oB9wUGYQN2XD6Ud4umoutlD/MM086dAHXhaaRQuX5:owUdXEoSlAM086QXhaaRQuX

    Score: 8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
