General
-
Target
5f2d2046c126e49e308b4e452aabf04b6201edcf6a6bcdb9e0a927110434196c
-
Size
785KB
-
Sample
221001-qdfjgahafn
-
MD5
0a18c645928f3dbc3e1237b3c52e5cf5
-
SHA1
6bc775b711cab91897b08647a4b130a19774f6f6
-
SHA256
5f2d2046c126e49e308b4e452aabf04b6201edcf6a6bcdb9e0a927110434196c
-
SHA512
9fd361727b8f57d3c590a4112cc2bab6974c3b4f54bac022f69f24c52036832a2f63e1d4141a29ff04261ca0d71a8fca302c3c66fb120eb144ddfbb7c2ae2cff
-
SSDEEP
24576:8X3xV8SlG8AxT4/Kp2s5SyZUk6zRVnghcUUP+Rket:8n4EG16KpIUgPGF
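The digests above identify the submitted container. Before working on a copy of it, recompute them and compare them with the report, since a mismatch means you are looking at a different file than the one that produced these results. The helper below is an added example, not part of the report or of the sandbox: it computes the four digests with the standard library and returns every mismatch against the values listed above. SSDEEP is a fuzzy hash that needs a third-party library, so it is not checked here. `verify_file` and `REPORT_DIGESTS` are names chosen for this example.

```python
"""Check a local sample against the digests listed in a sandbox report.

Added example; the digest values in REPORT_DIGESTS are copied from the
General section of the report above.
"""
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Hex length of each digest; used to catch truncated or mis-copied values.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Expected values for the 785KB container, as listed in the report.
REPORT_DIGESTS = {
    "md5": "0a18c645928f3dbc3e1237b3c52e5cf5",
    "sha1": "6bc775b711cab91897b08647a4b130a19774f6f6",
    "sha256": "5f2d2046c126e49e308b4e452aabf04b6201edcf6a6bcdb9e0a927110434196c",
    "sha512": "9fd361727b8f57d3c590a4112cc2bab6974c3b4f54bac022f69f24c52036832a"
              "2f63e1d4141a29ff04261ca0d71a8fca302c3c66fb120eb144ddfbb7c2ae2cff",
}


def well_formed(expected: dict) -> bool:
    """True when every expected digest is lowercase hex of the right length."""
    for name, value in expected.items():
        if name not in DIGEST_HEX_LEN or len(value) != DIGEST_HEX_LEN[name]:
            return False
        if any(c not in "0123456789abcdef" for c in value.lower()):
            return False
    return True


def digests_of_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer (handy for carved payloads)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """All four digests of a file, read in chunks so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict) -> dict:
    """Return {algorithm: (actual, expected)} for each mismatch; empty means all match."""
    mismatches = {}
    for name, exp in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != exp.lower():
            mismatches[name] = (got, exp)
    return mismatches


def verify_file(path: str, expected: dict = REPORT_DIGESTS) -> dict:
    """Convenience wrapper: hash a file on disk and diff it against the report."""
    if not well_formed(expected):
        raise ValueError("expected digests are malformed; re-copy them from the report")
    return compare(digests_of_file(path), expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    result = verify_file(sys.argv[1])
    if result:
        for name, (got, exp) in result.items():
            print(f"{name}: MISMATCH got={got} expected={exp}")
        sys.exit(1)
    print("all digests match the report")
```

A non-empty result from `verify_file` should stop the analysis: either the file was altered in transit (re-archived, unpacked, truncated) or it is simply not the sample this report describes.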
Static task
static1
Behavioral task
behavioral1
Sample
点击安装(飞机)简体中文语言包_v34.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
点击安装(飞机)简体中文语言包_v34.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
英文客户基本聊天用语4d.exe
Resource
win7-20220901-en
Behavioral task
behavioral4
Sample
英文客户基本聊天用语4d.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
话术大全@88.exe
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
话术大全@88.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
资金盘切客前的裂变话术@.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
点击安装(飞机)简体中文语言包_v34.exe (translation: "Click to install Simplified Chinese language pack v34"; 飞机, literally "airplane", is common Chinese slang for Telegram)
-
Size
111KB
-
MD5
cefc0e9cacf1aaa6fd238739d2c73778
-
SHA1
79d801453e0985157c15667b7c5b4dccee202c01
-
SHA256
1e893be559a9628d4fc10ba009ecec9640f9b01db2162d7cf003a1ce10b247cd
-
SHA512
9107d86a951a055cf558303a95bb565d867ff05d6d92dc3fc68489758ab87e6f514370361f14763acd81ab31f3dba099c5da443189e784b8a0c5355a74c2b275
-
SSDEEP
1536:u5nBnqbxKJ38W2wUa0STkuWBzsIE9guaj6qxGfSVR1hSGYH+8VJ3uc9dlSfjgfsM:wJ3nnU1zLESz6GxVR1h6+8GUU2jisj
Score 3/10
-
-
Target
英文客户基本聊天用语4d.exe (translation: "Basic English chat phrases for customers 4d")
-
Size
288KB
-
MD5
6dd50e46cde774f81c2d9c2f1dd53286
-
SHA1
ed289db14f1ed2b49befbbde6d50d577c9f00270
-
SHA256
827a9591ae0e0c65c759b2f38aeea2d112bedf1317e2f577d4c4ff800f3468f1
-
SHA512
a759f889023cd730f6def0da96ff7eabf5c55565aff417327a96120dd52891ff771fabbc2fd70e298ab41cb4f84e1d63cbff941f02f2febc442265f841c39373
-
SSDEEP
6144:VFSaxPyF+czKRd6/fTZO4NHbjz7/7ssEPc:VF7xPe+c+ROTTNHblEPc
Score 8/10
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
话术大全@88.exe (translation: "Complete collection of pitch scripts @88")
-
Size
1.6MB
-
MD5
1fcb6b9c98d28336e9f904be5cad1aa6
-
SHA1
5ca27208c8ef301799298db806c627eb8fdcd198
-
SHA256
828e3e4b918f3b8fa8a25d27e5f8bdec593238664f16320cb1bc13f1c3191d11
-
SHA512
ae572425657ed0843bee7e7d75bf4be521d3999f0e37d9bc95726255e6b1c5b664cd17fd3c59d2d7163c942e43a3c2b47ae29061fe5d143d680435ee378649a4
-
SSDEEP
24576:KPQvhAxiAs+5mXS+/JnydHWuyqa9nhC58Kfn4X:KPQZyZ5mXS+/Jny1uhQG
Score 4/10
-
-
Target
资金盘切客前的裂变话术@.exe (translation: "Referral ('fission') pitch scripts to use on 资金盘 (Ponzi-style investment scheme) prospects before closing them")
-
Size
560KB
-
MD5
70af047bd1f94a5a73629ef27bde5fab
-
SHA1
61caa47e65ed8a7c68863b608fe3fb71eb85e43f
-
SHA256
e88911e434654723cc1d9a1b248f9c67fe9b96a2259502822ab5634bd7ea184c
-
SHA512
d92d1b9bccd5e0b29b419200a7a29e497240281e554665ec0cf0b1929094615e7f1ffd36144fc78ba7299e1f3d3787e796c0eedf95cb89a022832a875449975e
-
SSDEEP
12288:Qm/xg6QD7AMZ/9WY+iuMMHGHzlkdaaRwz5GQMq+y2vXqsyOtCriP8Wh:hKj/9WYzuMuGTlHcQl2vry+Crih
-
Gh0st RAT payload
-
ACProtect 1.3x - 1.4x DLL software
Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-