9c847da06ad56db0c5524c2e08519f1dd243ffe42cb995521ea90165df320ff1 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

466s/ASP30...��.url

windows7-x64

1

466s/ASP30...��.url

windows10-2004-x64

1

466s/ASP30...��.url

windows7-x64

1

466s/ASP30...��.url

windows10-2004-x64

1

466s/soft2009435.exe

windows7-x64

8

466s/soft2009435.exe

windows10-2004-x64

8

Sharing

General

Target

9c847da06ad56db0c5524c2e08519f1dd243ffe42cb995521ea90165df320ff1
Size

1.5MB
Sample

221124-gfqmsafe4x
MD5

ec499b705ce2a3daeaad688f13eba1f8
SHA1

bd3954c12f69ffb8f1094a9f0678a7bc8daf79d2
SHA256

9c847da06ad56db0c5524c2e08519f1dd243ffe42cb995521ea90165df320ff1
SHA512

9fae9c9c90be8b0da8aefec4508811973d2388bf9e5bca321e21bdd030907acb35fdbbab02f2d15a0ef96f4e012928a1d0436967b126acd5d87267e0a5cadd21
SSDEEP

49152:oHUk5maATdsU2aF8cA4H622ODQDBbC3aNDM0:oH8sUBFjA4H622ODQDB+3aVM0

Score

8^/10

discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

466s/ASP300使用注意.url

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

466s/ASP300使用注意.url

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

466s/ASP300工具条.url

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

466s/ASP300工具条.url

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

466s/soft2009435.exe

Resource

win7-20220901-en

discovery evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral6

Sample

466s/soft2009435.exe

Resource

win10v2004-20220901-en

discovery evasion persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  466s/ASP300使用注意.url
- Size
  
  168B
- MD5
  
  41acb5ee0158e4a484bbaa8aef52cc31
- SHA1
  
  3e5cec16f21c34c807047c20f1af181b6d9a4d11
- SHA256
  
  91d6a10be0f66b87d5eee1fec83f99ba252bce8b24c48a7f8fd7f2c9ec95a708
- SHA512
  
  b3e7b07d346237a93a894594f17a4cffa9485a9d1f3c38cf792dca44a9a26385dab9893c2e58c02c74ca41cdbb964bf3f3fc556f89a222668f590da08a5cdbaf
Score

1^/10
behavioral1 behavioral2
- Target
  
  466s/ASP300工具条.url
- Size
  
  176B
- MD5
  
  ddedba8e1feb502f819be7718be66e78
- SHA1
  
  9088c3f475c9f91b940a58c36b29594a03276d7b
- SHA256
  
  38f045bfe4628f58759a210e975974c08fb80dbb8b6e149165060b109fe12859
- SHA512
  
  16b11a50fada08f85dbe400566695e7df7471743517ff53cd502e0cdc1e13456e165730559f36a36f6ac467bba8361f79e50d85bce3321623a1423a1c6b00ca1
Score

1^/10
behavioral3 behavioral4
- Target
  
  466s/soft2009435.exe
- Size
  
  1.5MB
- MD5
  
  ba1cdcbc4e19e97719acc9c459678e23
- SHA1
  
  12866d2b407873b918899cd0d145ad25a0bb3fe6
- SHA256
  
  733c71bab6a2fc290b5a380182f79d0163419fad4fbeb1a5de44daf3e3aa45f9
- SHA512
  
  fbab611e0a4bdbfe5777a8a75cf6ccab6405b4e7ad9d8224bb4cdcb12ea3173cf77465456fc7987156fee8b33286d4978f096ce95c786f3fdaf7e6869eb51a1c
- SSDEEP
  
  49152:IM4eRvjqnB/igTYN3efKMG0rrORTcQdB0pP:oeZdgTg3exlylipP
Score

8^/10

discovery evasion persistence trojan
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

discoveryevasionpersistencetrojan

behavioral6

discoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy