General
-
Target
114af1dd41d864d3fc5305adf3847d3183cd70a24b8292bda8ee06b2c6e07428
-
Size
26.7MB
-
Sample
221123-wg1ayaeh4v
-
MD5
a7cb300d1ddd2b1a429e1d26e8de03a8
-
SHA1
453923bdda3c4a71ec680088caf905b0f4b2af6d
-
SHA256
114af1dd41d864d3fc5305adf3847d3183cd70a24b8292bda8ee06b2c6e07428
-
SHA512
b65b0b8355f60956ff55f5a27d47049ff3a0d563eed90c720bba13262b29d8f4f8b1cc4256c34f097b3634f3e90f169c1bacc88f61e0a86dc59a0af3ecdb216d
-
SSDEEP
786432:11vapCSC3SBYbosYwVBub1JEXKG+pGXi1srz/pMqvKBIDdD:11vNSBoFVs1JEDQsrmqvK8x
Malware Config
Targets
-
-
Target
mirserver/DBServer/DBServer.exe
-
Size
382KB
-
MD5
d7a8eec0e18be329c93bd2095f0df1f7
-
SHA1
f2b90bd2c0013ee4a518ad130bc481606dd9e3f1
-
SHA256
3cce2cb4ff76b4ff4362699003fde1375e82a05932794ba09f0809f287128922
-
SHA512
8719727a47803c95df24095aa7cd9c8af19223d6d59490117cc589c62ead8663583a35535bc7e8ea92dca40feba7c95958be7cf539319ed827564ebe8291a871
-
SSDEEP
6144:YFM/VTFE7hlI9yNgX8fIlEIS2qVUDA6rGafN8mscrEe0PyIEVqmQ5iJCJt6U3pRG:CMVe7hlM5lEZ6AhId0PtmGKe7p0q
Score7/10-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
-
-
Target
mirserver/GameCenter.exe
-
Size
267KB
-
MD5
935ed40f01658ce10baef215912a3422
-
SHA1
43042f9bd9586e3a0c41a6370c1cefbf198168fa
-
SHA256
eb81deb3a6676cb16d3f3520989b2fff5bcdd5a73dc145e42d4113fc1056c2ba
-
SHA512
a42feee8dad0801b84e481deaf57a11b476cc6f7d785860726211161c17e1e4033ae3017d9c562a58ed5885ad583c4ffe346bc19e9408d99fa8a641c00f6fd9c
-
SSDEEP
6144:YcERY7dT6CLL6jbX7f6OJbYLIQDeXZWifmjzo5:6mJeCLLEzjbYLzeJJfmzo
Score1/10 -
-
-
Target
mirserver/LogServer/LogDataServer.exe
-
Size
421KB
-
MD5
e8fae6abd9cfc6f32821f5c7366ea64f
-
SHA1
e18ba551f9ed5a258e6bb8efca394f3aff1cb246
-
SHA256
1926d958983a59b78c0a212b68e6fedcc24e8b920a41141fec5787f96fe023c3
-
SHA512
acf7ef1cf96c7a33fc1afb7943b842fed7bf9c7108f43af904fb60e3f485efecb94ca0f7cadd7010c3d513d97c494a618842dbdb29e6d9abc0881ff8e1b91098
-
SSDEEP
6144:Ndu1qC4u63IVhYKjrDx/YD9RT8ZFpG3Lk5BoXWTzNbTuqdYm2OwFnl:q1h4b3IVaqxivwFw7k5ltubNFl
Score1/10 -
-
-
Target
mirserver/LoginGate/LoginGate.exe
-
Size
1.0MB
-
MD5
0efc550e000028fb8ee442366371cf13
-
SHA1
1367f081aab38a93d7419211d573b70fd9cb697f
-
SHA256
2adf95f3a52c1d8ae9c3719fc83c19fef148f263438bda85e349151f9c928272
-
SHA512
dd43699b02f7a47a2a41539f4b12f436966687dd6803075a69431998e0ee6057d043e85105c0143aa57ebdde4c4ebe10b5ae09ea2202cf8adc90f71f87a2d534
-
SSDEEP
24576:m8uxGnM0RpdCvmTm4F6ONY0pOJrSrxWmAGf/x9M7T7TVvRgJ:mlp0IGCZkO7T5
Score1/10 -
-
-
Target
mirserver/LoginSrv/LoginSrv.exe
-
Size
246KB
-
MD5
7f5de1ca3a879695e175b4e4261eb5f4
-
SHA1
90f89b980c62e8de88fd4a880ede6117981b8139
-
SHA256
92c6dfa26a49ba334778a928b6f0a39b46d123a87a47e6f713d82b9d14f139f8
-
SHA512
febdebc98eb9c0d08a6c59fb7fce48e47dbb8a348203f2ead5f27d19deaf1e1bd337adce68a127bfb5bf322847b70351c65e82669ee4bc3fdf6211faf9154485
-
SSDEEP
6144:3CnpCPZNM9ouEX6zWiUvt61g+C88XQ5SGA+:3CV9BEqzZUvtL+rX5S3
Score1/10 -
-
-
Target
mirserver/LoginSrv/Readme-˵.htm
-
Size
2KB
-
MD5
f2a6a504c4cb797f79e3106308f94de3
-
SHA1
a7d1a768851cd1a28901a4f2cdbc4c8fe4587818
-
SHA256
894a0efcd35d56c800cdb80d7cc776c7c6026a2383b7e1c8c718ec53f01fdf94
-
SHA512
1c9b9f0dc4491c108aae2ad15e2f7beca77504165546c8a4d8dfe77f8a4adb2a306b4f7e656153a03fa0067cdea555879c68b9f12c079a484f09139e0939d3c5
Score10/10-
Detected phishing page
-
-
-
Target
mirserver/LoginSrv/Ҫϰ汾.htm.url
-
Size
337B
-
MD5
2ef7f0b6e6309ba7d754b3527ac4f01c
-
SHA1
654908cc63abe5c8b7f86f747ed4e311aa3fbd22
-
SHA256
d16166a30c4020e8aaa669473d230744576821aa5c7d0e8c50c01847246ee26d
-
SHA512
7035f85134fc21a0ca732f8bb212c3b95fbd7e812161514389240ae47de3ee7ee85e2e4ae78925af2468948c314342cd2d30c8c20bcc81e703721e910cf18b41
Score1/10 -
-
-
Target
mirserver/LoginSrv/÷.htm.url
-
Size
339B
-
MD5
57dcac38761f0711ad9647254505c59f
-
SHA1
923fcc1e1df7e96eba4ccb0cbd3fb417905ac22e
-
SHA256
d55cc56e3643cd8beef2de7c4d78460691a2e74d00b38dd4dbe75d206cfb7b37
-
SHA512
323534a61a431bbc5c2e81b31f8695105bcb9a0758797167b1242e1b21acbc7a08c310810e29c08ba00f2d7ee66274321d8a4be06c4101fa6a762c72795f3dce
Score1/10 -
-
-
Target
mirserver/LoginSrv/ҵ汾.html.url
-
Size
219B
-
MD5
f35445ab848d712134c56acc416add24
-
SHA1
e065e9cc5113b8c10c2d2806d8e4bb8fae2f12e8
-
SHA256
036c509b99ab644845dda2ab5ab87beb08b42568547951925a03fc5afdca60ed
-
SHA512
ea6bfb5aad2a3c117edb6b54aacefd317da1a644f2e32305a456c2f292136ea1a804b8f259d0c734ea679f9a7cac564f41f277bf2feb84c0880f5c26815579b5
Score1/10 -
-
-
Target
mirserver/LoginSrv/.url
-
Size
134B
-
MD5
ffb7b281fab70a7b786c77de0b166308
-
SHA1
f3519800470fdbc6f621231a85787fda17842ea0
-
SHA256
ae7911a70e8d6185246cb2962ed805b58ebb4afed8073c19d94113f5dbcd3801
-
SHA512
67147df125ae16d0d5441c87ba93311ecebcd0381abc4d66409b9ea261354f53a2edb9cc50375c6a936e59378ca8df24bc599f901632e01da18d599142b84ed6
Score1/10 -
-
-
Target
mirserver/Mir200/000gm.dll
-
Size
784KB
-
MD5
79a3122df2091b4efa2b73aa390ccd77
-
SHA1
5b0ea140c59a8b32e31b99f855a4d7844470817b
-
SHA256
81e4085d381bc9343420993261c54e7fb7c18e1d564a0233835bcd84e8aa8161
-
SHA512
c3ebab2bda7fe0752aa1368ca17ea71849f04e7db0bf10081ec09b2a14c698ac43ebcaf685efeb70af83c6492274746d72724ce7ef71a754ab9c9e2c54caa6ad
-
SSDEEP
6144:JbtnBgJj1/jpXGo5Pm2VRCg+odmWRkctr/lLKnNMxRAzDfgHFhYdC+52KwnOE9iM:JxBgJVTfcg+odJyMg6DA/fNdCMwOhM
Score5/10-
Drops file in System32 directory
-
-
-
Target
mirserver/Mir200/IPLocal.dll
-
Size
167KB
-
MD5
bbf62130e7a5966a2b7b89411ad335c8
-
SHA1
9f6a0af9525cc6b6df479d3d511e06200571c1b5
-
SHA256
da61a728a96293d8d99db31d3843a68c3788fca93f630219adfab0e0132dde44
-
SHA512
52baf478f0dab1bb13e03b6ae47ea48b0cc329a35569cd78473e8c5eeefe0d6474b7ad720cbf90664fd140c9c76dcfdd92bcddee11c8b9c2488b5c114d7babf2
-
SSDEEP
3072:vqu/oVRpW3b2OQLOhRy7kCmRHnhAQPukkGfeDN/z2HS79BKyJcC:v1o3Ab2VLOhAehhN9vexb2HS79gyK
Score1/10 -
-
-
Target
mirserver/Mir200/M2Server.exe
-
Size
1.1MB
-
MD5
d195231bd76fae92717f768c8ce955a3
-
SHA1
27343d2ca343cc20b9cc50682cd62c9565924773
-
SHA256
16528c7c0a449d3dc3c569ae412886e579b8efe6ce4a27665175b113675f0a79
-
SHA512
3713df142b4cd2d53a80f91e79c5fd1d484e898d37855b47153c5e881eb18149e11c0fb1398b868f0ce5c45baabdc4694d16d6316a0f5d437b0ee20e817b9972
-
SSDEEP
24576:uvf+2nh9rbWn/L9re8IuRRxnPFfSyvsShagqNVYWtyH5n+:u3lwBrlIuRFlv3lgTIn+
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
mirserver/Readme-˵.htm
-
Size
2KB
-
MD5
f2a6a504c4cb797f79e3106308f94de3
-
SHA1
a7d1a768851cd1a28901a4f2cdbc4c8fe4587818
-
SHA256
894a0efcd35d56c800cdb80d7cc776c7c6026a2383b7e1c8c718ec53f01fdf94
-
SHA512
1c9b9f0dc4491c108aae2ad15e2f7beca77504165546c8a4d8dfe77f8a4adb2a306b4f7e656153a03fa0067cdea555879c68b9f12c079a484f09139e0939d3c5
Score10/10-
Detected phishing page
-
-
-
Target
mirserver/RunGate/Readme-˵.htm
-
Size
2KB
-
MD5
f2a6a504c4cb797f79e3106308f94de3
-
SHA1
a7d1a768851cd1a28901a4f2cdbc4c8fe4587818
-
SHA256
894a0efcd35d56c800cdb80d7cc776c7c6026a2383b7e1c8c718ec53f01fdf94
-
SHA512
1c9b9f0dc4491c108aae2ad15e2f7beca77504165546c8a4d8dfe77f8a4adb2a306b4f7e656153a03fa0067cdea555879c68b9f12c079a484f09139e0939d3c5
Score10/10-
Detected phishing page
-
-
-
Target
mirserver/RunGate/RunGate.exe
-
Size
953KB
-
MD5
65b08a01fe44c20870c080c29e598396
-
SHA1
d992c51fe8df4b96efe5b0e45c6e7a0b411b2f34
-
SHA256
5ef0df1563395ab90ecdda04cd75a86538c040a593389a3ec8cef6114e16c4fa
-
SHA512
9a1376f8dfef3963cbc729e720ccaba7363ecb525cab76cba25542d75802853e6bb70c6923afeaa27972470801d15ab16d908384d902ce282c18c4862d7bf680
-
SSDEEP
24576:Cl6dwWRiYh9nssF+LbqPyMADUKX92Fka/d+XOmd1qd4YX:ClJWRhLg6qXX8xmdoV
Score1/10 -