Overview

overview

8

Static

static

8

DekaronJSQ...SQ.exe

windows7-x64

8

DekaronJSQ...SQ.exe

windows10-2004-x64

8

DekaronJSQ...��.exe

windows7-x64

8

DekaronJSQ...��.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fdc30b3f87f93bf53d5a68dd82e3d7f3999e9c234d55f1a24549b546692dcb3b

  • Size

    1.7MB

  • Sample

    221124-hkfh2saa2x

  • MD5

    ffd401bb92fc10b64207a87d60c7d0d9

  • SHA1

    1f92c4496c1da3335b574f24848d36863c7fc469

  • SHA256

    fdc30b3f87f93bf53d5a68dd82e3d7f3999e9c234d55f1a24549b546692dcb3b

  • SHA512

    a20799c43ddde7c4beb00312dcfdb0413c2da3f8a2d57e8b724e4e242cb432ad52899d5afb589f599392c45bbd971f80e5b3403eb8f62b424527d94f7d54a52d

  • SSDEEP

    24576:2/P/oPoBAbMsf+Mw2JwnUJTKze1yqGRSzIun2QUCtTCfzdasp4G0evlOJd4kXGTV:+oeX2JNJTKy1NHjUDakk74kXGTvhrL7

Score
8/10
upxvmprotect

Malware Config

Targets

    • Target

      DekaronJSQ5.7ʽ/DekaronJSQ.exe

    • Size

      934KB

    • MD5

      d47908522a67ea24cfd04d87023693a7

    • SHA1

      56d67ab71d1b9fabb174dca43f53dbca0b68b11d

    • SHA256

      2a4fe9d13286ca2c68ee2aee593cbcdc85022e661fc4359a90462f08f9983caa

    • SHA512

      690a8117d48b3a2597b618b1dec3bc29416146b11e4edcff277fe9580c6ba5ebe255e2e2500c5655c150785d2ccb3bb1c64fed1e9a605c5237641af274bb5c62

    • SSDEEP

      24576:AjJFUlQBk7MsTMiwgupiRTIzcrqEK7+bIsx2:0UMJgTRTI4rr1

    Score
    8/10
    upxvmprotect

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      DekaronJSQ5.7ʽ/DekaronJSQ³.exe

    • Size

      1008KB

    • MD5

      1b66f7ac9b3a6c8ae7725ddca3f430c5

    • SHA1

      686d1bbfa8290836452308b315e1378ee8acb655

    • SHA256

      5ade0c68918a2a8e390cf9d8dce3c57a8917abd377b84a0272e68bc78e7b7872

    • SHA512

      c781b78edf8f10a6491497ca3ca7288f9a985ba1ddda745a1baa8a448604a313524556fbcac2fc343453394e57dabbd9333c365407915803eb018702a019c618

    • SSDEEP

      24576:brToBbKlrXksHQqyyZuKFd4kJEhvPctSIkI4Ekcs/2f0rbUsYPc3F5wC8m444qr5:brTpkMciN4kJEhvPmkI4Ekcs/2f0rbU8

    Score
    8/10
    upxvmprotect

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks