General
-
Target
469f9bbfef09aacf2d01cd4c9fc390ebc6051b321acd3d6961d3a6d056711c78
-
Size
26.8MB
-
Sample
221123-vwl67ada9y
-
MD5
804835ade6b2c5f6fd035b7bdb45a907
-
SHA1
5eaf3d88fd078fd906ca31f23628db3900a5df0a
-
SHA256
469f9bbfef09aacf2d01cd4c9fc390ebc6051b321acd3d6961d3a6d056711c78
-
SHA512
e89f4ca452dd9cc4c39bf5ea5e37b39af65e215f523cbcbc9615f7c27912fa1b6c4148d60bb90097e2e93e8bee06d3543823e399d00fbde65f33b2a7651bbf64
-
SSDEEP
786432:d9AEGTaeHiU1lz4S62Ao906FMqKuvcUJzoB5swy9WofZZrdKfqNAW:dLqaTQl8X89dC3icUJM0wufL4yNAW
Malware Config
Targets
-
-
Target
67pp-hero测试登陆器3.exe
-
Size
6.3MB
-
MD5
69e05e4ac5a40426d9f2286890238dd1
-
SHA1
fa70a10a90e7003b1cbb2ab4bf8287f4e7a21f6a
-
SHA256
f47d71970548deda04a04a0fdce34c0101368c169c2440443436e1506ea2b305
-
SHA512
f8f09493af710136b848c649782be7b2c10ac0a4d0c0e15588a0d3f90d4679fc5d9e1eaedfea02c1760ae397d859c6ccb17796d6b61b00c1b44b3028dcc6c713
-
SSDEEP
98304:hIK9LWysFLmdrIpXP8tM1Y3kHHm6SPCIkHY/:nRWysFL6UZk61Y3YHBIR
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/67pp服务端下载站.url
-
Size
129B
-
MD5
f131f67f2af1d3821c2ab1314556bab5
-
SHA1
2f0a66474957cd99688b0959eb56115fb2fcdcf8
-
SHA256
c03e6fcc897a341354433deb62efcf11527774664b6504fba98ce129c21f0bc7
-
SHA512
cff596023f75d884a26fd2ab30ea3f87f7d4808a3cc4963cfcb68643b3241f42a221189499701fbd86331c15f4cc3381159e52a051d09e4c2c43436c62037319
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/DBServer/67pp服务端下载站.url
-
Size
129B
-
MD5
f131f67f2af1d3821c2ab1314556bab5
-
SHA1
2f0a66474957cd99688b0959eb56115fb2fcdcf8
-
SHA256
c03e6fcc897a341354433deb62efcf11527774664b6504fba98ce129c21f0bc7
-
SHA512
cff596023f75d884a26fd2ab30ea3f87f7d4808a3cc4963cfcb68643b3241f42a221189499701fbd86331c15f4cc3381159e52a051d09e4c2c43436c62037319
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/DBServer/DBServer.exe
-
Size
382KB
-
MD5
d7a8eec0e18be329c93bd2095f0df1f7
-
SHA1
f2b90bd2c0013ee4a518ad130bc481606dd9e3f1
-
SHA256
3cce2cb4ff76b4ff4362699003fde1375e82a05932794ba09f0809f287128922
-
SHA512
8719727a47803c95df24095aa7cd9c8af19223d6d59490117cc589c62ead8663583a35535bc7e8ea92dca40feba7c95958be7cf539319ed827564ebe8291a871
-
SSDEEP
6144:YFM/VTFE7hlI9yNgX8fIlEIS2qVUDA6rGafN8mscrEe0PyIEVqmQ5iJCJt6U3pRG:CMVe7hlM5lEZ6AhId0PtmGKe7p0q
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/GameCenter.exe
-
Size
267KB
-
MD5
935ed40f01658ce10baef215912a3422
-
SHA1
43042f9bd9586e3a0c41a6370c1cefbf198168fa
-
SHA256
eb81deb3a6676cb16d3f3520989b2fff5bcdd5a73dc145e42d4113fc1056c2ba
-
SHA512
a42feee8dad0801b84e481deaf57a11b476cc6f7d785860726211161c17e1e4033ae3017d9c562a58ed5885ad583c4ffe346bc19e9408d99fa8a641c00f6fd9c
-
SSDEEP
6144:YcERY7dT6CLL6jbX7f6OJbYLIQDeXZWifmjzo5:6mJeCLLEzjbYLzeJJfmzo
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/LogServer/LogDataServer.exe
-
Size
421KB
-
MD5
e8fae6abd9cfc6f32821f5c7366ea64f
-
SHA1
e18ba551f9ed5a258e6bb8efca394f3aff1cb246
-
SHA256
1926d958983a59b78c0a212b68e6fedcc24e8b920a41141fec5787f96fe023c3
-
SHA512
acf7ef1cf96c7a33fc1afb7943b842fed7bf9c7108f43af904fb60e3f485efecb94ca0f7cadd7010c3d513d97c494a618842dbdb29e6d9abc0881ff8e1b91098
-
SSDEEP
6144:Ndu1qC4u63IVhYKjrDx/YD9RT8ZFpG3Lk5BoXWTzNbTuqdYm2OwFnl:q1h4b3IVaqxivwFw7k5ltubNFl
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/LoginGate/LoginGate.exe
-
Size
212KB
-
MD5
700f370afb01ec1e2d5be6d92ca30dcf
-
SHA1
2366dada79cf49b1802962d387107637099ff3f9
-
SHA256
30aaa1a59c1b295e26fcff124e5b8474458d6c972de4f36982105ca37f63a0d0
-
SHA512
e61c8a08089d25b4ff2bf46e4c0c6df0c1992d7158cf5bc9212adb096daec0f6edc2669d5a5678be86b6e42581b03521a64d9347ef5fb54066220ccddcfb7ad9
-
SSDEEP
3072:G7v5I31Wr7Rm2pfna1vES43tkM3wQPyfrdHDOilQAM0csASL5Nqg3JnIZ:G9g1WrkRES4Z3wJxDJqh0cs3UIN
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/LoginSrv/LoginSrv.exe
-
Size
246KB
-
MD5
7f5de1ca3a879695e175b4e4261eb5f4
-
SHA1
90f89b980c62e8de88fd4a880ede6117981b8139
-
SHA256
92c6dfa26a49ba334778a928b6f0a39b46d123a87a47e6f713d82b9d14f139f8
-
SHA512
febdebc98eb9c0d08a6c59fb7fce48e47dbb8a348203f2ead5f27d19deaf1e1bd337adce68a127bfb5bf322847b70351c65e82669ee4bc3fdf6211faf9154485
-
SSDEEP
6144:3CnpCPZNM9ouEX6zWiUvt61g+C88XQ5SGA+:3CV9BEqzZUvtL+rX5S3
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/Mir200/67pp服务端下载站.url
-
Size
129B
-
MD5
f131f67f2af1d3821c2ab1314556bab5
-
SHA1
2f0a66474957cd99688b0959eb56115fb2fcdcf8
-
SHA256
c03e6fcc897a341354433deb62efcf11527774664b6504fba98ce129c21f0bc7
-
SHA512
cff596023f75d884a26fd2ab30ea3f87f7d4808a3cc4963cfcb68643b3241f42a221189499701fbd86331c15f4cc3381159e52a051d09e4c2c43436c62037319
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/Mir200/IPLocal.dll
-
Size
167KB
-
MD5
bbf62130e7a5966a2b7b89411ad335c8
-
SHA1
9f6a0af9525cc6b6df479d3d511e06200571c1b5
-
SHA256
da61a728a96293d8d99db31d3843a68c3788fca93f630219adfab0e0132dde44
-
SHA512
52baf478f0dab1bb13e03b6ae47ea48b0cc329a35569cd78473e8c5eeefe0d6474b7ad720cbf90664fd140c9c76dcfdd92bcddee11c8b9c2488b5c114d7babf2
-
SSDEEP
3072:vqu/oVRpW3b2OQLOhRy7kCmRHnhAQPukkGfeDN/z2HS79BKyJcC:v1o3Ab2VLOhAehhN9vexb2HS79gyK
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/Mir200/M2Server.exe
-
Size
1.1MB
-
MD5
a8975a2b638082e995e6f1556856f4c9
-
SHA1
acf4d679af45fb33320d87ad366b6acd444e2e61
-
SHA256
eedec2679961ea4ec1ef35c3e666f2b476135a1e6a7569778fa972bf79cfbc17
-
SHA512
166869ede17a541352006917613f04e6a99b6584032682aa2604d43d69858e9825351e44df8f385cc08ddab338b122c1add08d24c236dee7d95d1a5e1ede0c5e
-
SSDEEP
24576:bkKXzQni7id+1AOLFf60z84x+AhU6t1GNw2+MqPkjr:YKDQi7xjLFf60AcMskjr
Score7/10-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/RunGate/67pp服务端下载站.url
-
Size
129B
-
MD5
f131f67f2af1d3821c2ab1314556bab5
-
SHA1
2f0a66474957cd99688b0959eb56115fb2fcdcf8
-
SHA256
c03e6fcc897a341354433deb62efcf11527774664b6504fba98ce129c21f0bc7
-
SHA512
cff596023f75d884a26fd2ab30ea3f87f7d4808a3cc4963cfcb68643b3241f42a221189499701fbd86331c15f4cc3381159e52a051d09e4c2c43436c62037319
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/RunGate/RunGate.exe
-
Size
735KB
-
MD5
849710c7e376436435023d82fe45fa42
-
SHA1
60876119ab8a011378443515d4e4f74a057b1806
-
SHA256
41d16008ea64c13e737d734d2e091653ca5cd4ac42516a061dbdf32309d29220
-
SHA512
1264fcac963268638e53b27c695b31466d8f30ae52c66e5e2379f458c26d25971b0061ca2f2d9c0be532c7a5d5e5f43f98d9fb1e8659c87625b20f000131f7ef
-
SSDEEP
12288:Ie6Zh57bNM+BKQ3BrbuE9mU0ZmRE/1XK4ybr0yV:f63k+BPveUE+EtLer3V
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/SelGate/SelGate.exe
-
Size
218KB
-
MD5
39b168c63ff9ff7c7c038764408f0ed5
-
SHA1
9505ec9a042d613977c13aafc393699bae3723b5
-
SHA256
3def74e6ad351b323f45d426810453da6cd2f3a62e357662e4bdf0f7e8e4347a
-
SHA512
12442affa0cac2576dc2cd3132087cf92c53db927d10b2aeda86db8325b6251c9a2a6e02e1f38b488d6f3fa21bdd3ae6ce348f9bb09501b9a89e5e7730f15e41
-
SSDEEP
6144:omX8IUzaCM2XUImekpnQGgTICzHgaKcxhxOdpF:ZX8IkMxvek9QGgIMHgaKcF4
Score1/10 -
-
-
Target
正在开区独家1.85主宰皓月古墓元素版(HERO引挚)/MirServer/配套网站/index.html
-
Size
7KB
-
MD5
090201e1674e23678003b528d996fa94
-
SHA1
c5fe3db5b18c00bf43e24436b1ba6a092ed4e0da
-
SHA256
75921f6a1ec2671378dc8ee48880bb631813290fb875aeb4d2fa73150fdd9194
-
SHA512
80a9219085aa5bc5d964b1d0676572c631ada3dc0e54c5c2ada20f258b136bc7a8fb18f94342405dfaba8b85f9ad10914f18997bc0cfabd61dce83699404f8c7
-
SSDEEP
192:gvBYpY2fU/Fc/at3k/wD/HVfwy5W+ee0Aou1+Xbxgw5nuNkHIu:gCyFtTW+ee0AouSbTVuNmIu
Score1/10 -