507f7c8f26eec818cb3677891b189cd1561aff5e8ec39674d278f02655badd4c | Triage

Sharing

General

Target

507f7c8f26eec818cb3677891b189cd1561aff5e8ec39674d278f02655badd4c
Size

2.1MB
Sample

221124-h5dj7abc7z
MD5

831dd704dc53e058c45dd036f6975bc9
SHA1

2c3b38e4afd1298cddb8e3fb36d0d00d8987d5f1
SHA256

507f7c8f26eec818cb3677891b189cd1561aff5e8ec39674d278f02655badd4c
SHA512

923c7341b9234a4a33581d74c7f561b169edb43835e49b4304c2a11328f844aa01c6d7423bbde7c6302f732e57a07bc847dd5769e888b033b55ce4807574dbce
SSDEEP

49152:0OTgL3D5CQOKIYw1gf6OXWtbukAebenct46O2:0PAQLcm6Ocbu9cqR2

Score

9^/10

upx

Malware Config

Targets

- Target
  
  解压桌面再运行/data/IgnoreGc.dll
- Size
  
  2.5MB
- MD5
  
  3776e9d1aaed726c48322fca3fbf7007
- SHA1
  
  892e9ef3d437eca57b5d749572091b211c2266db
- SHA256
  
  703204f9d88ed5593adedd6b52128b56c8985bcaa0cef9b288dab444b7269f09
- SHA512
  
  610de040ff136f168d771e159aa1ace56ae5d1e84f14e9a1d9479be113e16fd8f0874abb9b2343e07e805a93220ce1c0b7476ae5dcd0f64488d2247360531173
- SSDEEP
  
  49152:Usx2KsYrPyTZaqdwk0c05HGieg+s8KuqGaX0ToIBAUZLY9ie:FsJYrPyYqdwkLcHHIJBAUZLK
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  解压桌面再运行/data/IgnoreGc.exe
- Size
  
  2.5MB
- MD5
  
  3776e9d1aaed726c48322fca3fbf7007
- SHA1
  
  892e9ef3d437eca57b5d749572091b211c2266db
- SHA256
  
  703204f9d88ed5593adedd6b52128b56c8985bcaa0cef9b288dab444b7269f09
- SHA512
  
  610de040ff136f168d771e159aa1ace56ae5d1e84f14e9a1d9479be113e16fd8f0874abb9b2343e07e805a93220ce1c0b7476ae5dcd0f64488d2247360531173
- SSDEEP
  
  49152:Usx2KsYrPyTZaqdwk0c05HGieg+s8KuqGaX0ToIBAUZLY9ie:FsJYrPyYqdwkLcHHIJBAUZLK
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  解压桌面再运行/data/SkinH_EL.dll
- Size
  
  86KB
- MD5
  
  147127382e001f495d1842ee7a9e7912
- SHA1
  
  92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b
- SHA256
  
  edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc
- SHA512
  
  97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d
- SSDEEP
  
  1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  解压桌面再运行/data/大壮.dll
- Size
  
  120KB
- MD5
  
  b4c2caaa15d4e505ad2858ab15eafb58
- SHA1
  
  a1c30a4d016f1c6bd3bf50e36767af8af166d59b
- SHA256
  
  93e03eadd330242f2394c15cd32857194e5b80f6300835ef77f8558ca70a2ef1
- SHA512
  
  09b5903a579685522a521cec3b6026ab0d7b9cff3099f032254dbd2b48fbbdd9a7411c0765049784c64f520d41916e681cae206a736b4fab1868f449e84b4bf2
- SSDEEP
  
  1536:cUU7FTrfzWIyoR78127s7jxrWwv6beIt//Xj8iooji4/Tjf5Q:PwpqIyoR7X7sntvoeItXXjBoojrf5Q
Score

1^/10
behavioral7 behavioral8
- Target
  
  解压桌面再运行/易幽无限背包 by：易幽团队-WIFI.exe
- Size
  
  539KB
- MD5
  
  999c453ac6b2c9e821e4f9bd8ae0f160
- SHA1
  
  88e9896366c17dc937d90720947f18a7ec073fb7
- SHA256
  
  2492a4d655e77b70f0e770198ba2337b05c69f0bb7dbbfb880a0a3ce1c130c19
- SHA512
  
  0a40023a17f02722f8b9dc454f01bc1bbeb48c0f6836c723a04e3a093a0a494b63b01440f7b05904b85d065b8e2c1d9f1368242ba1ee8cb1920df541cc4e984d
- SSDEEP
  
  12288:kZ5NgVuLT+0t5pkG+BRwpDvGKO2P4br76c5nk8i:knN9PUBRwpDvGKO2Ab/pFk8i
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10