Overview

overview

8

Static

static

1

466s/ASP30...��.url

windows7-x64

1

466s/ASP30...��.url

windows10-2004-x64

1

466s/ASP30...��.url

windows7-x64

1

466s/ASP30...��.url

windows10-2004-x64

1

466s/soft2009435.exe

windows7-x64

8

466s/soft2009435.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c847da06ad56db0c5524c2e08519f1dd243ffe42cb995521ea90165df320ff1

  • Size

    1.5MB

  • Sample

    221124-gfqmsafe4x

  • MD5

    ec499b705ce2a3daeaad688f13eba1f8

  • SHA1

    bd3954c12f69ffb8f1094a9f0678a7bc8daf79d2

  • SHA256

    9c847da06ad56db0c5524c2e08519f1dd243ffe42cb995521ea90165df320ff1

  • SHA512

    9fae9c9c90be8b0da8aefec4508811973d2388bf9e5bca321e21bdd030907acb35fdbbab02f2d15a0ef96f4e012928a1d0436967b126acd5d87267e0a5cadd21

  • SSDEEP

    49152:oHUk5maATdsU2aF8cA4H622ODQDBbC3aNDM0:oH8sUBFjA4H622ODQDB+3aVM0

Score
8/10
discoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      466s/ASP300使用注意.url

    • Size

      168B

    • MD5

      41acb5ee0158e4a484bbaa8aef52cc31

    • SHA1

      3e5cec16f21c34c807047c20f1af181b6d9a4d11

    • SHA256

      91d6a10be0f66b87d5eee1fec83f99ba252bce8b24c48a7f8fd7f2c9ec95a708

    • SHA512

      b3e7b07d346237a93a894594f17a4cffa9485a9d1f3c38cf792dca44a9a26385dab9893c2e58c02c74ca41cdbb964bf3f3fc556f89a222668f590da08a5cdbaf

    Score
    1/10
    behavioral1behavioral2

    • Target

      466s/ASP300工具条.url

    • Size

      176B

    • MD5

      ddedba8e1feb502f819be7718be66e78

    • SHA1

      9088c3f475c9f91b940a58c36b29594a03276d7b

    • SHA256

      38f045bfe4628f58759a210e975974c08fb80dbb8b6e149165060b109fe12859

    • SHA512

      16b11a50fada08f85dbe400566695e7df7471743517ff53cd502e0cdc1e13456e165730559f36a36f6ac467bba8361f79e50d85bce3321623a1423a1c6b00ca1

    Score
    1/10
    behavioral3behavioral4

    • Target

      466s/soft2009435.exe

    • Size

      1.5MB

    • MD5

      ba1cdcbc4e19e97719acc9c459678e23

    • SHA1

      12866d2b407873b918899cd0d145ad25a0bb3fe6

    • SHA256

      733c71bab6a2fc290b5a380182f79d0163419fad4fbeb1a5de44daf3e3aa45f9

    • SHA512

      fbab611e0a4bdbfe5777a8a75cf6ccab6405b4e7ad9d8224bb4cdcb12ea3173cf77465456fc7987156fee8b33286d4978f096ce95c786f3fdaf7e6869eb51a1c

    • SSDEEP

      49152:IM4eRvjqnB/igTYN3efKMG0rrORTcQdB0pP:oeZdgTg3exlylipP

    Score
    8/10
    discoveryevasionpersistencetrojan

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral5behavioral6

MITRE ATT&CK Enterprise v6

Tasks