Overview

overview

10

Static

static

兵河五四.exe

windows7-x64

10

兵河五四.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53376a76dade22360f896d929bc9a664c2d350ba6ea520a665b1c78e4cc8f282

  • Size

    26KB

  • Sample

    220923-geh7bahbhm

  • MD5

    8174960e54841a296744331c983f860c

  • SHA1

    8d27d0e383daf2abdf8dc75273a918e903658460

  • SHA256

    53376a76dade22360f896d929bc9a664c2d350ba6ea520a665b1c78e4cc8f282

  • SHA512

    848ea129739722396020aa753bb43c205d53e733691837980f16c66c7518003a6a617ba576079da6032269fdafc8fb2fac89a3e6bedfd375199975c5201b4bed

  • SSDEEP

    768:qHQfBRDLFEoLzvYSOMuLpDoHPqJVNELiP+2oiBK2z50:qHQfBHz1ruLpoHS7NE2xK2z50

Score
10/10
evasion

Malware Config

Targets

    • Target

      兵河五四.exe

    • Size

      83KB

    • MD5

      d95807b22dc5cf5d323bf18172915159

    • SHA1

      cdf4ca83655b8a695274f0f775e2bf0d50923b0f

    • SHA256

      25d9443bf5cbec1449ec6bdee3c638ae3f1a61591af213d0c50e352010389538

    • SHA512

      08a3d5833e0808bb6d1e851eb2a6a097b050c448d043acb1813bcff4da3ee5f23884ea6a0a4a30a60a38ce3a7663e44d309ed2048622d9ce3a3bb076949b6435

    • SSDEEP

      1536:GAT7zA8QK45RlbKxGoy90tytopnpO5JXsEI:GATtQdtKKitaopnpmI

    Score
    10/10
    evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

1
T1158

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks