General

  • Target

    cf817584e077a538f32e3208aa09ce3bc004458952dbf41bce109cec69acbb52

  • Size

    2.0MB

  • Sample

    221123-wxhqtsgb4z

  • MD5

    5fcb604719a387b294287af899290572

  • SHA1

    2ed061c58c621f453ad39d745c4adc5e9a770c80

  • SHA256

    cf817584e077a538f32e3208aa09ce3bc004458952dbf41bce109cec69acbb52

  • SHA512

    0b02978763aa1cc98573bb75b95ab3233d23c0f9b96bc0174991357863d7e471ede81ceaaaa55f7498408777651aa0160d42a8c68625b0811e7b20a471a53208

  • SSDEEP

    49152:CK28FsOAxcnYpmvn6JbVDuIWa+u63pKdnHFIMA+uRJKN1O:CV8aZc/YQIW1pKdHKDiy

  • Score

    8/10
upx

Malware Config

Targets

    • Target

      lpk.dll

    • Size

      46KB

    • MD5

      149695dd08b7389308b0d0bfb40f47b7

    • SHA1

      22082f21d78e21b24623ecb06d13fd15fa53ca3b

    • SHA256

      a1eb4f7ab9832baf68862cdfa2ae4c2571880af513d9e942f70c781e22cf4ba9

    • SHA512

      f65fe00bb21b80da14a5544970cbb2493b92747aefbd1f33355f3154092fe931b663440bd65d2bec7645f54ee3556825239a4f3bc9ec434c02d728f836f07e18

    • SSDEEP

      768:hojY9PKi9eebwtwGYNrihCp2+UGj0W3eE1Y2ahjKQyzkojY9Po:0mJeebwtwLp27GjV3P1Yd2QyzVmg

    • Score

      8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      小零CF刷枪软件.exe

    • Size

      2.9MB

    • MD5

      d616505f7137307a82f5ef6898d86aa5

    • SHA1

      1711aec7d7c2bc1203221d7f7673c10d3d555cac

    • SHA256

      b9676044c94b5efd97f0acf5ad73630000727c81ff18739b918cee784d4266cb

    • SHA512

      71583fbb779af554022ff298325d412fcfc37ea5ff95409f6f4823a2cc059aa9c637534b92e8917b3baa189a574ddc31d651a961fff735680de60ccf9cda0c4b

    • SSDEEP

      49152:4/P27NMFsI10AYF5vC7iMb1yaQSQZ8VwSyv:ae5MFufvCuaQS7VwS8

    • Score

      8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v6

Tasks