General

  • Target

    b1bfbd4c5bf0f1f1ad4051a67780014b3c042cfc3d47fc205e85ee7c6f3dc496

  • Size

    5.3MB

  • Sample

    221123-tmaalahe4s

  • MD5

    0b526ec71101bdb6f1b81f7f77e0379f

  • SHA1

    b18a03021ee63ac4d09db1cb21ebaa2412d98165

  • SHA256

    b1bfbd4c5bf0f1f1ad4051a67780014b3c042cfc3d47fc205e85ee7c6f3dc496

  • SHA512

    ee286b61bc0b38c1afc4d7cb9fb08c1080daf285d5397f1cc3b5628e10ff390099c99ba3c36f6cc8d1d7328311ed4b6017eaf5744cf07182240ea69f973a602d

  • SSDEEP

    98304:GrPefYtDbbkoSD6/+NPrnh2t/g+HTgmPg/ukTCWLpp0ogw7XEf8bGH:WjtDbQo9/crneI+HTgmPg/uoCWFp0ogL

Targets

    • Target

      xqjfz/hao123ȫ.url

    • Size

      100B

    • MD5

      f2ff09c9c8945591f0aa60b2a344a2cd

    • SHA1

      8fc21335b5a0a02379adf71472625e0efd23b47e

    • SHA256

      b3c1227116430dd7acd776aca11b0838bcfbbf774b638fe8b79593293642713e

    • SHA512

      f9d99c9de70612d51197ba9f8fd69f6da6dc7827ee833e4899fc137c95bcf77ed7962f8eca2a091b2a45c36f8bcc95338fd2bdf30604315fcd412a4bc3aa6e98

    Score
    1/10

    • Target

      xqjfz/新七剑辅助免费版账号test 密码 123456.exe

    • Size

      9.5MB

    • MD5

      df5837bd6da4e14bf0d6581636d9f523

    • SHA1

      92de8f8a2cff25f219d91071eae01379d4a279f2

    • SHA256

      1aa4c0e2f4d7d810d843e48bb27695ebaf29d5a0444342cb5dd49d90dccd8c0d

    • SHA512

      f6f4de24265881be2af4b4de821032e60eb118f6c4fec39564a89da7469e330155f416a7165e58719c14c94a370812e80960b3d20155f04c5349e73ca78827fa

    • SSDEEP

      196608:C/5nW8hEvRtJzBTH8iVIq03x0RITD27fNM3:C/IvXJzpkq4mITcVY

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      xqjfz/.url

    • Size

      110B

    • MD5

      00d0188646aac0447d63c0c7fce22ad9

    • SHA1

      ce4221e6a72d1a80b972a99bc19cc43d482e42aa

    • SHA256

      a9bee66f10a06babf1fe001ac039bacf34420782e5957fd64a8729733277beb2

    • SHA512

      d3ffb393bc8518b7cb9701330a1b5866ba1dbeeec90f2c9eccfb7e056ebb267732e54e15a23b43aeab153d2668c93fce0de92571e92cf4e33b0546aadc23d7a6

    Score
    1/10
