cf7b7ab4b0e8c086a1ab1453a59c4f2fcffb4c172bc260b76cccb6620a1bfc85 | Triage

Sharing

General

Target

cf7b7ab4b0e8c086a1ab1453a59c4f2fcffb4c172bc260b76cccb6620a1bfc85
Size

2.9MB
Sample

221123-tbhslagf5y
MD5

ce470d15cb1af0f7a7aa3da6de1bf9be
SHA1

a5b9514c256df8131cc4cc196d9feb2561ad1c1a
SHA256

cf7b7ab4b0e8c086a1ab1453a59c4f2fcffb4c172bc260b76cccb6620a1bfc85
SHA512

65379938535dcde203a9fe5103914d1b477d3ce73bfc1993662e5e2c89cf0588b5a500d87b24ac2c33a96913c48417a4671cdd85baa5a600bd66007e54607121
SSDEEP

49152:+Z5SkG887B7Vye29Zo+NrmVrp1agD3L5fZcE+sZdqMOJKeZIPmwBqNAxqCf+d:S5SKKVVyv9lrmVr3agD3wkSMWKz+wBqf

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  服务器软件.url
- Size
  
  122B
- MD5
  
  0e34045b283798bf75b1298823c0564e
- SHA1
  
  ec8fceede59360fd171b90e62ee34f1fdab5a5f6
- SHA256
  
  39f1bd81b14b7499162d49f9c55b11ca6eaecd43da7c16177fc3f70f10eb896f
- SHA512
  
  1fc29e69f2155f07e07f4517d4c93c9bcdf353b41bd9f7b75d3c33bf9a2d2b091c4a1f17856335369e9d2dcce2971290876e5887bf5c7494cdd3b5b5be2c067e
Score

1^/10
behavioral1 behavioral2
- Target
  
  脚本之家.url
- Size
  
  179B
- MD5
  
  4cd77170219eef75a9b80093d2f07e36
- SHA1
  
  5278826e134458ce821f007903442811730515f3
- SHA256
  
  b83c06b9e79c55ddce8d2b5a9a389f875ffee2957df783bca7f5d9abb835be4b
- SHA512
  
  e01a41f79eead75fad040824a4719567e83bc16ec5a46caae6c85ef7f54e6c33819bec008a53ee855414056572a1b2720ebe05a8ccfbb70e558b879362f2b4b4
Score

1^/10
behavioral3 behavioral4
- Target
  
  豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CRACK.exe
- Size
  
  1.5MB
- MD5
  
  8f242164405cd8dd7be8921f6b627701
- SHA1
  
  caf08f15ededa33c14228d313f824cb7a50a6865
- SHA256
  
  794e0210db9e81e4bbda949773a278e6a5dcfc3ff88e4c3d45493a90d1a555f8
- SHA512
  
  ca0ef40bb62264d60610cf2ae10bb28e643a3e9fc3a2e22628b4f1138c4fa141d215791790b0f8463c14309d5ce28a5a81938d5b64b261fea6830e85b08eed7d
- SSDEEP
  
  24576:B9I81bci/CI2iz3vlMxNkJ5kfsvKHingfL1HSp1IiHGwrrJKqZEu4bp0xit3C+Xh:TIubci/8C5k4KHqgj14nVJKqZCFCUN
Score

7^/10

bootkit persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckUser.dll
- Size
  
  94KB
- MD5
  
  723769ad7b14edb2ea8a8d9121fde1c4
- SHA1
  
  be98d6f2862a8d06e599ec961670ebc63965b840
- SHA256
  
  876a3715784b3b6ca4493eab2e573bca99fd632e1f7be0e0a9fb00219094fb50
- SHA512
  
  6cc4899eb5bdbfc723d18633692ed8f92082cae7eec79c1f3606ced79c5edf41b30bae4b05af490ffbb6098cdb7ed715f1fa23a68027a40f4692fb3313aa7b7e
- SSDEEP
  
  1536:iUqXwQIvdCl+ffCKh3b1s2XZFZK0Nc65IfbT6Rq05cst2x1HuHfJ5f0Mubar:IwVGQCC3ps2X3ZK0GtfbT6RP5lQuHxeu
Score

1^/10
behavioral7 behavioral8
- Target
  
  豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckVer1.dll
- Size
  
  87KB
- MD5
  
  73106f02c701e7ac7d4539ab60ceebdc
- SHA1
  
  2aa7a8cd1b925923af5486b0981bb1ef2f6ac4e6
- SHA256
  
  3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a
- SHA512
  
  0c7fd80106819ca4149fb67d5139742861d1139dfeb77925bd113ea7fc30a81fc90ea4a41451e9c0d3bfd83b75fd2627d88c0363d70abb42e5867869e09bd27d
- SSDEEP
  
  1536:mjqjoQQLyIie3SCMDaaUyuMX1EFGg9lu3qZJQLDIwzDKrVHOmWSEZ9:VopLT/fMWaruMlEdbu3qZJQLDIwvKrpe
Score

1^/10
behavioral10 behavioral9
- Target
  
  豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/Desklog.dll
- Size
  
  2KB
- MD5
  
  e5eb2ec0c30504c930fce9174af6e181
- SHA1
  
  5d9318f3115c188a6848399325e894b7acbfbd38
- SHA256
  
  ca748ee3283b92cdcc57e5956ff7777007a4a8c39bd4f2431a71d04b5f3330b8
- SHA512
  
  612f6441e6494c719bd27a6ccb715734725b277a856c5e72e24d943ce6bac13f4ce14f66983d82a8a94ab54564eeed593161715f392fc3a9382e7af5d90207ff
Score

1^/10
behavioral11 behavioral12
- Target
  
  豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/GetInfo.dll
- Size
  
  41KB
- MD5
  
  6c9ded46c89d7f323976d021d9f2cfc3
- SHA1
  
  ca413c9b0e4f2b937e196c8d914c24ed18b13b4d
- SHA256
  
  56dabeb5edcb98556d8e9df07745c1bf7e82ae6c02d927ff3de2748741a5cfb0
- SHA512
  
  98f1d2645d4b20f9fb52332bbf52132d8d2aad4f4cc74cf760293be656f27160312029a7fc9c353fdf315ae7104cf71ef99299e4aa5f6d29373e45a736fa507e
- SSDEEP
  
  768:WCpqOQdwHPoBuUSdB6zW/U9Bok+VN5KvwEW3XkjTkd4Btd8VeGi6B8xZ:RpqOQYM9SzsoBBta78E96mxZ
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral13 behavioral14
- Target
  
  豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/crakc_YLCA.exe
- Size
  
  1.8MB
- MD5
  
  44d254bca3439481adfdfbbce7da412d
- SHA1
  
  fddcff5bbdeac666dca4ba8fb0ef656a27aed4d3
- SHA256
  
  f693468ab8c06b35ef0bad04074831ed750019c4ab082517fbfd0c4fdcf83f52
- SHA512
  
  95e1c3ae849c2b23c172badc8787e47da21195dec7f60e92967cafc8c841d327bc8b0f0da7856bae09dc03f7e72d4b99928108c7b77bc884235a31af388fe1d4
- SSDEEP
  
  24576:dJ0VE9yjrSTWQAsWl61pHRS3TvSuXrKMYxBuLvBeMIjxjumXplFSUul2hCWsLTxq:0NCW61p0WEKXdPjZFIwhXITxKC9
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral15 behavioral16
- Target
  
  豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/qqqf.exe
- Size
  
  1.8MB
- MD5
  
  49e6da97d4300e6de99f251d442ba59d
- SHA1
  
  c51dee669f143257ee99c79ee1fc5a07de2778fb
- SHA256
  
  268094ce81859231caf513484b4ca334a82bc637511fa6bcb7f3bf13ffc89cc5
- SHA512
  
  7a70e2388c369f585e1d3ba3955cba1a0dd1a1cfb12e9277600ca49ae2dd2d7e5d8a979788935cf3e69a87561079cc7b32217114f71de9b0f111ba78ea13202e
- SSDEEP
  
  24576:dJ0VE9yjrSTWQAsWl61pHRS3TvSuXrKMYxBuLvBeMIjxjumXplFSUul2MC4sLTxq:0NCW61p0WEKXdPjZFIwM1ITxKC9
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17 behavioral18
- Target
  
  豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/uninst.exe
- Size
  
  47KB
- MD5
  
  3cdb3182f51828d1a15331f090b3d85c
- SHA1
  
  03808d0b19c46d0194ba1401335ef3c0d22ac2a6
- SHA256
  
  7bc043493ec68037750e82887dec7c3caad313879b2a93034898b466e871fd81
- SHA512
  
  5d24720f699bc4ad1af77a2e792fd0cce951025a613fa2d2b348e7980214baf5eeccbffa354944ffccee5b64b57287b268a76a263ac4d58d2c42f3b1747d39dc
- SSDEEP
  
  768:we3PFaDVyOQgljLDKRJyM3BmsHzSB4us/wJJaVgd2iZQAm6kRRS+NoJRnuT4b:33cpyORJLuB4P4AJJMgdLeAyN14
Score

3^/10
behavioral19 behavioral20

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

bootkitpersistence

behavioral6

bootkitpersistence

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

bootkitpersistence

behavioral14

bootkitpersistence

behavioral15

bootkitpersistence

behavioral16

bootkitpersistence

behavioral17

bootkitpersistence

behavioral18

bootkitpersistence

behavioral19

behavioral20