Overview

overview

7

Static

static

搜索利刃 v3.2.exe

windows7-x64

7

搜索利刃 v3.2.exe

windows10-2004-x64

7

西西软件园.url

windows7-x64

1

西西软件园.url

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    980931ec2b34ef8408e3f3ef47b73f85d3470bb9d662206334e31b585f74de8b

  • Size

    1.3MB

  • Sample

    221124-fwdsgsbc68

  • MD5

    ddb59a3ccdd40022d6db39e09c837f70

  • SHA1

    bc4772673a75b10a3ec2e0e914330eba1e3fea5d

  • SHA256

    980931ec2b34ef8408e3f3ef47b73f85d3470bb9d662206334e31b585f74de8b

  • SHA512

    a1df6f16f20b74a452f86e7330e8c32037dad8ded6d3463af45d824c59cb76bffbc292dce642b6a9aba82bccd837e742dbcb7116d4b7953b72f5016fb0f32fbc

  • SSDEEP

    24576:QnANWviDIkjsRn/sPZHUXoSTK9Ezv/GVjAhZnlgq9TjL+dF3GGFmUtjye:mIqiDIkwRkBHUm9Ezve6OdQGwAt

Score
7/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      搜索利刃 v3.2.exe

    • Size

      1.4MB

    • MD5

      b3b58316d04d7c947d1041c1268c150d

    • SHA1

      9f21e538b2a00aff4ed87ffbaf23da8285b3456f

    • SHA256

      7474861a84b08d8a11092a12900011e9eefb8aa617b275a420289503d8ceaa39

    • SHA512

      7efb64792ecfdcc8d5ecd1c76e261b3e03f86aa4f8a4a8a02ebca9356d3a9d903a550079cdfaff10af8ba5c2267f1069ce0521c0ed5ec9861a9bb4943d4760ec

    • SSDEEP

      24576:7wgANAvijIgVsRYO6rw2yKidN0dnG2SUYPudf3i3j1ji:PIQijIgCRYVrw9HdNWVpGuE3j1ji

    Score
    7/10
    bootkitevasionpersistencetrojan

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      西西软件园.url

    • Size

      186B

    • MD5

      c58f99c11bc89589b8e5bff2a3547eeb

    • SHA1

      54d0677c972552c5740b5a8abcd51efea7407f76

    • SHA256

      bfa6f76b8e9aa48447598f0034270b3063dab331ea12b06a86cb379886b0de54

    • SHA512

      68beedc2307e982f97fd4b92ebb1e91c5b855dc60f8955d70760653494bf3912b6ba081b92e454c63de58b23b6622c60df4c744fe54cd96c34411bf9b51eeef5

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks