General

  • Target

    14a3894cd6a6e321d3a07c5b7a2bd22cad174f55feef3b6b6e2279fc5ea66ee8

  • Size

    7.0MB

  • Sample

    221123-xfrg3seh52

  • MD5

    6726cbe4e3327950bd213e39435e2ed8

  • SHA1

    f058f257b475b2f9bc33a0575eb3018fbd15c544

  • SHA256

    14a3894cd6a6e321d3a07c5b7a2bd22cad174f55feef3b6b6e2279fc5ea66ee8

  • SHA512

    33cb25e30dd7f636b4e8c0c24d037ea1e8b06cd83e8a299f08a690a52d238c21637511c6bf3ba9b6e05ed7c077c1e53d43182a9b820d3119787bdf21eaaff31d

  • SSDEEP

    196608:75ySsFJpY+hIRu+F/O3ZhUgUzmDUO5ySsRqk:7rsFs+h6LiwwYOrsRB

Score
9/10
upx

Malware Config

Targets

    • Target

      更多系统软件下载.html

    • Size

      410B

    • MD5

      7bb7ae902ffeb8c37fe00b88fe68c1e7

    • SHA1

      c839f12d71b57aafbdbd7bca481e9438e8801579

    • SHA256

      8d518dfe520c4464fe9fd28724ae8d9700ab0a6e5a648f9be8a85a526b095c87

    • SHA512

      46ccd91f2d826b19b272c1440b5f8ef7c96261e0ed8cc40d064a0ddc547400e8c35831280999ab37fb7df2a525c8c88d1d5f3e36161b0b633249c7f226b66803

    Score
    1/10
    • Target

      q779596940_Setup.exe

    • Size

      761KB

    • MD5

      4cb3b6c7cbada76bd1acb02e676d913c

    • SHA1

      c9f2744a5241f41c7a69415fd4156d7bcc75c52f

    • SHA256

      eac294a3965f23fd83025dd8eaf2ca86b6299725dc2cceb24803bbd6b8d3ce4a

    • SHA512

      e6e8fa2c7cdcd33c664fbb1829f75104b2108ce49946433e5fb1a3d8788ea6ad26573c34bbcd9da0863e7a3545f6f97143287d732f066cad3032abcd7b5155d5

    • SSDEEP

      12288:/vfC4yEFa4+hvIi3GoyGyN0+p2C/wFOehxoT2r4imqpa2nGZjwtAJU3fatGVWbZG:/vfVDFa4+hv7GoyGyN0+3/yOIY2rhnGs

    Score
    9/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Deletes itself

    • Loads dropped DLL

    • Target

      远程监控/LZMA/Plugins/System.dll

    • Size

      10KB

    • MD5

      0c8ea8e6637bbf8408104e672d78ba45

    • SHA1

      c231c7acaf9abb7da93f28e1b71bed164d57103e

    • SHA256

      509a93177a7ae130bc3b6b5ec3236c7aa0811b8b86f8ab3442c65fdf8ff85b1f

    • SHA512

      ee763a3cdbbba3b28e6a903ac942c7228bd8e54b19de21d6187e481f2916d833d9b9800e5ac2998f4aa26274cdfb20a8bfdd10f00f2a15d37bcc529b617e1f28

    • SSDEEP

      192:+OSsJI/rqmIDNLU0dq51EgAiNbubv68LZ:QHQQ0d01Egbq768

    Score
    3/10
    • Target

      远程监控/LZMA/Stubs/lzma

    • Size

      38KB

    • MD5

      775d7a348a4fcb8eca288eb49409cd71

    • SHA1

      154b11656fb024eb9db898b9ff6de5892a18bae7

    • SHA256

      d0f58218a9bc51451b1c442e0ece151455b99e4c7a8e3a424693dae9bc89dfee

    • SHA512

      0e33028f4487e47e95cd8d862d2dfd20243f4c18ff6f2f6a0174539bc385e1c7fe64ec956f44bd61d7f5982cae4f16e9bc5707f9d5e5c49730ccbd38ed48c2fd

    • SSDEEP

      768:do8V6JE2W6aCEzK6rbpwSKIUY0TdyHIUlXyBFbPJh6S9a6ai:PYJE25aDNXUY6u94PJh6k

    Score
    3/10
    • Target

      远程监控/LZMA/Stubs/zlib

    • Size

      39KB

    • MD5

      7aa7ff7f94ed9375c416a062f264aa03

    • SHA1

      50a9ba6190a2e950ae76a6d230bd9265328ea151

    • SHA256

      a3e1ee3fc049380c7cfcd7607e0f3c3e98a01e30b588473614aadb0ac999419a

    • SHA512

      1eace089a368f7a3a59dfe8e95341f41a3db96c9b06d2d6bb753b5a3d723c0985b007d0d0196ceb90f31da337f20fba45a6fb6a8d1a1871c9c6e94ba656f4cb4

    • SSDEEP

      768:Hc9EFPN+xU+cdRuQi5a1KuzLKSh/5yDgJD6dNBFbPJ/6w9ayai:89EH867i5aZKfDgJq1PJ/6W

    Score
    3/10
    • Target

      远程监控/LZMA/zip.exe

    • Size

      451KB

    • MD5

      83565b9f7cfef8963a9abeeb342d609d

    • SHA1

      1fb1b87b03e18e8c6fd8a87170193b4042d05c00

    • SHA256

      79d9e7bf6dd404530752209002e5352e5988b8dbc79958fc20ac0141a73d19d2

    • SHA512

      4cef69c3b6325ef6ddf1e40c60f2c63db9e1f9452f049abd3eace2609fe0d5401ed6d3cebae5ec7019c1361a5151d75e17e7c13ff6ae2181af2f56dc35f413c3

    • SSDEEP

      12288:8cwb8leqQOtzbtd9U817dygf08ulPVwknXYgZCiq0eT:8cwbzqpzT77d7f08uXtYmCH0eT

    Score
    1/10
    • Target

      远程监控/dp1.fne

    • Size

      124KB

    • MD5

      a062fbf36321864ac8e7e2e408ff0d90

    • SHA1

      8cc46a09096eb373e5e01d7547f108eb09bbac9d

    • SHA256

      249a27ede8d0fbd3e5dd89b9150d1215c7ae1dc2f137db5a67cee44e6b5c0431

    • SHA512

      2ddb24f7f9a6f6b17b4ac3a5e0b4cfe9424a710ef34c7918754bcd4acff8ff41e043c2e8ab829da42d2e4a80cc45b59f309253833ba3d7329ba79d7fc7128819

    • SSDEEP

      1536:mZZhM+fWvw1CEb18ANf6T/BLL+UTMoV51oFN2w:mZZu4WvjEbTkLlV51o5

    Score
    3/10
    • Target

      远程监控/hbf72.exe

    • Size

      3.6MB

    • MD5

      c07eb32fbd1ab2b529d062f3ee296bda

    • SHA1

      cdfea71939c7a7a61f8522ff8f6601a8b008eeb0

    • SHA256

      58b3cfbdec632419682a288e6c035e9e5d6329d0b759d6882df712b9236d0ae8

    • SHA512

      ca42a3ca881a59e558bcec5a92ef294115fc23a99518d51869462e6a7bd55baa3be6ebeeb00ce1460201a0e06eca1d2e737db023c5d0ec0b76df8880f9a9bc08

    • SSDEEP

      98304:LNfwcXZ3c8XaGEbJpk6elrO47rzgyS7qEM0jHL8AQYpGBhRjB:6qppETNSrOE1iqqjHL86QBhX

    Score
    8/10
    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Target

      远程监控/krnln.fnr

    • Size

      406KB

    • MD5

      6aea0226a87d8d144963ab68b02009ac

    • SHA1

      6dcc3d247ac8e872c8cfb7db73e1de1032fc6b11

    • SHA256

      ad7a6428108f2d01f2e1b747fc5f225fe7e32da7219c7df017a566566954b173

    • SHA512

      d171cb12715b1952d4f214780472668d57604e1f4efba798f1a84dab633ab39a95830ec80dee4a7abfa5969ea4d472f21f54d99ff480d02660c41e3f9489af4a

    • SSDEEP

      12288:7RrQLhYW3kv/eT2TEjXqYZsEVUyXe5U1:7Rkuv/jEuYaKUaey1

    Score
    1/10
    • Target

      远程监控/主控端备份.bak

    • Size

      315KB

    • MD5

      b4bf173787b6b8da8b2270d010520f4f

    • SHA1

      e2c5df21bbf3e6477936c91b1ace2b03637371c1

    • SHA256

      fca64a65722bfc0769cd59e26bf07b337492ab74f71e9865b5f5daf4ddf62467

    • SHA512

      d0e2b77bf757bc1ad63d31bf5a304be0e093214296eaeb1d6db0be7538ea357f0fec8487e61e535d8880e4a8642b829a385005f9253163a79f839566076ba845

    • SSDEEP

      6144:lhRpa8P4auAQ3YWp5cbGlmXCCv7NoKJFHENqmVTXDHI9zHoS1DP:LaKJgFp5gqmXCI7ZHUqWTD+lDP

    Score
    3/10
    • Target

      远程监控/附_文件捆绑器.exe

    • Size

      67KB

    • MD5

      754e600e0311ddf228ee593e81621247

    • SHA1

      967f1a28c1f47eaa1dab8adc16e4ff2db5883c8b

    • SHA256

      e374ed00a23f2eed76d0b00d0daa06b635d579768befdfd46e0edcda838d7527

    • SHA512

      4b74f367f21e0c7a9ef6017eed1e0599237b1af050231d5055a617503f2609afb3be4ab1b666ac18ed0682c82bedfbe4457ae5b04a88c8497145e95d5928fa3b

    • SSDEEP

      768:rDw1J//vo+rj/vo+OixZBVi6LEafZVJJ0IVyJrvAGXTTa70VrM:I1V3omj3oxuLPPyBIGXTTa70O

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 3

  • Discovery

    System Information Discovery (T1082): 3

Tasks