General
Target: 980931ec2b34ef8408e3f3ef47b73f85d3470bb9d662206334e31b585f74de8b
Size: 1.3MB
Sample: 221124-fwdsgsbc68
MD5: ddb59a3ccdd40022d6db39e09c837f70
SHA1: bc4772673a75b10a3ec2e0e914330eba1e3fea5d
SHA256: 980931ec2b34ef8408e3f3ef47b73f85d3470bb9d662206334e31b585f74de8b
SHA512: a1df6f16f20b74a452f86e7330e8c32037dad8ded6d3463af45d824c59cb76bffbc292dce642b6a9aba82bccd837e742dbcb7116d4b7953b72f5016fb0f32fbc
SSDEEP: 24576:QnANWviDIkjsRn/sPZHUXoSTK9Ezv/GVjAhZnlgq9TjL+dF3GGFmUtjye:mIqiDIkwRkBHUm9Ezve6OdQGwAt
Static task: static1
Behavioral task: behavioral1
Sample: 搜索利刃 v3.2.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 搜索利刃 v3.2.exe
Resource: win10v2004-20220812-en
Behavioral task: behavioral3
Sample: 西西软件园.url
Resource: win7-20220901-en
Behavioral task: behavioral4
Sample: 西西软件园.url
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: 搜索利刃 v3.2.exe
Size: 1.4MB
MD5: b3b58316d04d7c947d1041c1268c150d
SHA1: 9f21e538b2a00aff4ed87ffbaf23da8285b3456f
SHA256: 7474861a84b08d8a11092a12900011e9eefb8aa617b275a420289503d8ceaa39
SHA512: 7efb64792ecfdcc8d5ecd1c76e261b3e03f86aa4f8a4a8a02ebca9356d3a9d903a550079cdfaff10af8ba5c2267f1069ce0521c0ed5ec9861a9bb4943d4760ec
SSDEEP: 24576:7wgANAvijIgVsRYO6rw2yKidN0dnG2SUYPudf3i3j1ji:PIQijIgCRYVrw9HdNWVpGuE3j1ji
Score: 7/10
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: 西西软件园.url
Size: 186B
MD5: c58f99c11bc89589b8e5bff2a3547eeb
SHA1: 54d0677c972552c5740b5a8abcd51efea7407f76
SHA256: bfa6f76b8e9aa48447598f0034270b3063dab331ea12b06a86cb379886b0de54
SHA512: 68beedc2307e982f97fd4b92ebb1e91c5b855dc60f8955d70760653494bf3912b6ba081b92e454c63de58b23b6622c60df4c744fe54cd96c34411bf9b51eeef5
Score: 1/10