General

  • Target: 2dca64d707c9cc9c8750725efe711ce56501ce681040e88371f3b0f98acee5de
  • Size: 5.3MB
  • Sample: 221123-v6evvsba58
  • MD5: 347a47dd3f2d27c72e8656d693368148
  • SHA1: cc6925f15eb243ff49dd5ac9a997563112a4a077
  • SHA256: 2dca64d707c9cc9c8750725efe711ce56501ce681040e88371f3b0f98acee5de
  • SHA512: 6aa7ec34de3605c0b3a10b19db66e2f43faa23877e0f218cbede598aee2e9ff758c91e8f74102f177e6bbfd596fe1f9db6c3022d3461ba39a710a0839f6e9285
  • SSDEEP: 98304:8T4iMIP0zlHnhad4c/ryQDvuP12S2fFoyr7+XcNWlF88QXXdOv4FdHS:06HEqczTa6JPgcNWl28wXdOwy

Score: 8/10

Targets

    • Target: 121210破简单vip/JDG_build.dll
    • Size: 625KB
    • MD5: 843c7aa1246d167b66b1cd9f096f0ed2
    • SHA1: 744892e3d847c690fc44d06e5ee9b7e9a9d87f20
    • SHA256: d0d7029938aa06bafbd6ea296353cb3ac4bf61da2f9a1b218b4d1d98d8f6a412
    • SHA512: 328833c87fa658e58903c55ef8745f140393953552c6c245e58d8724a2212cc0e22f2b67b06cf1b3a10faf3517ff71c3506314ef94048727048b52f8798defdc
    • SSDEEP: 12288:Ox+3aBp9fj9PgB1WB3nxGr3v98Izlr+CNXlnd7DnzN+tmMK6LVBCSx9jNqO91:k5RjpR8lBRr+CTnzAtXK6LKW

    Score: 8/10
    • VMProtect packed file: Detects executables packed with VMProtect commercial packer.

    • Target: 121210破简单vip/lpk.dll
    • Size: 46KB
    • MD5: d2b777a93719e548d0baf4c886e124d3
    • SHA1: 55e328477afc3005e24222456ee874a5e43955f9
    • SHA256: 28085a4341c06951fac8a483a38f501f017332fcecadc69d2154533a8dab6042
    • SHA512: 12d2bacf141ff327f5e5a78910ba6f91343094506f0606e2afdec707bdc3be4fa06884231de6e909f4f6028a359b91c7045e96df84bc34f3108231194c33921a
    • SSDEEP: 768:hojY9PfJdMmJyj0Ml+oi/XSpSZbVfDnoWyHaojY9Po:0mnJdMmJyDl+tVZloWyHjmg

    Score: 8/10
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory

    • Target: 121210破简单vip/简单vip破解补丁.vmp.exe
    • Size: 376KB
    • MD5: 685493b4cebf734897b281dcb20dee32
    • SHA1: 52c15a43515692eb9c707479429c07058d4b49be
    • SHA256: 2ca139c675c82f4697fb5a80ed62d257a48b1af9e3a88e40ae42ae412f30727a
    • SHA512: e40378129f2952b5b7145a78928696568e3631b0965c412c2e290caa8194c02c3c8d1f71c63ea4e0c871464bbe20146ad88e338a4b4e591c6a519bb790dba1ea
    • SSDEEP: 6144:BSmPzsGUWC7bZfxJDAfe99lUsfByNBPkgsfUJYOUdez47PgtNr6iZQ6MrR5cUN83:BSmrtYZfxJDAfe93vfBSFkW2ukwN6yAq

    Score: 8/10
    • VMProtect packed file: Detects executables packed with VMProtect commercial packer.

    • Target: 121210破简单vip/简單挂个人版vip.exe
    • Size: 4.3MB
    • MD5: f1d3d13a25c6197d74bdecfadb62b4e1
    • SHA1: 55639e0635cfe3a376096441e64e7499b9d0671b
    • SHA256: aacbf02bb66e4f1257539258af2a111203d6126f5578d7bd34213f0f51125592
    • SHA512: 0c255fc18b839ad898a9d86036063993bee7244f1ba4f98fea35a167ad0f16bc229988d2b1f839141b37ca83afbc4a19685f974466749f37e4df40d9024e8aa2
    • SSDEEP: 98304:usvERX3LYPBnvECaOwvB0GYadHrUh5BtBFZhOy79Tsoi:huHmBnvECZmefh5bBh9T1

    Score: 8/10
    • Drops file in Drivers directory
    • VMProtect packed file: Detects executables packed with VMProtect commercial packer.
