Overview

overview

8

Static

static

CF天心�...c2.exe

windows7-x64

7

CF天心�...c2.exe

windows10-2004-x64

8

艾艾软件园.url

windows7-x64

1

艾艾软件园.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79f857f2462f667565577cc6f48f3456bf7edc8df5d1f2c5ee879b91a40b8112

  • Size

    1.5MB

  • Sample

    221124-3fpldafd73

  • MD5

    2d4512e1312883d9a6a2a0eb0886a160

  • SHA1

    dbd062465ae456b0891ef3952b621a2f1e3e3191

  • SHA256

    79f857f2462f667565577cc6f48f3456bf7edc8df5d1f2c5ee879b91a40b8112

  • SHA512

    f4220745153e8f215e59ab4fe6a364751c773bc37223f83608740c54c0b1c68d2db7ac63620a6363f0314aae3f11016cf2828c0dcea081138e1872989272cdcf

  • SSDEEP

    24576:QUfscob62td2SN94x8kZwH0n3Tv7+CM16/EAGQG862/NElykPTrLbgKQ+ATN397m:QUBaLtgSN92ZQYO68oGmkrnQ+ATR97EV

Score
8/10
persistence

Malware Config

Targets

    • Target

      CF天心简洁版全能工具Vc2.exe

    • Size

      1.8MB

    • MD5

      9a3aad8d873e636505269ded79d3c7d6

    • SHA1

      063b45f33c3dc5a3d7b91f322fdc7da09f8fbb34

    • SHA256

      5673aba18908dc2eca8ca9b32ea95f50245c5b6c992e1532268949aa08bb90d4

    • SHA512

      b40f8f625ded22fd99610c15d3aa609647017604b5270f3cbae9439223c6b4e2d989c62f8e3d5b22a040a6543eb2aef79689a0a866cdd42570d4efadb8f8c96f

    • SSDEEP

      49152:+pSiaMcB3SjvtzeItQPerQ6RmtMRDlfkNfv0qDK5:+pSppBiJzhQPe/Dlfk9v0qe5

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      艾艾软件园.url

    • Size

      205B

    • MD5

      75cdf710a1e5a1622a18202480f58cdb

    • SHA1

      6c6ba6622aa65f9c9f04e8779efcb627465eb6d2

    • SHA256

      8cab5f470f701142fd3d2df08ae4f25b6e790c7ad3271cdda4b4d3ecfcae058b

    • SHA512

      4f0d9ad7b6aa30e736008bb71486a65b8b497c363735573fad6886115e7754f28e0a002449c113f5d32d5fae723b150c50433ae84082bda633f3459f07e4457d

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks