Overview

overview

8

Static

static

8

Baidu_Com_...15.exe

windows7-x64

7

Baidu_Com_...15.exe

windows10-2004-x64

7

ӛ-1...��.exe

windows7-x64

8

ӛ-1...��.exe

windows10-2004-x64

8

�...��.url

windows7-x64

1

�...��.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    60d94692d731fce2eef39ae2814807a0042eae1fe5a82f43c44f5ab69718604b

  • Size

    3.1MB

  • Sample

    221124-m4lxdshf94

  • MD5

    f103803ca25cc4b9954566e4ac095a68

  • SHA1

    ae68a803ddb5bb443e2c4cbe60959974f970804f

  • SHA256

    60d94692d731fce2eef39ae2814807a0042eae1fe5a82f43c44f5ab69718604b

  • SHA512

    497a2812ae6f6e7cb631dcd51b9ba9fad3d89168443c21b74bca78c81c77947a10808dfaec2182d5917154e97d38ab6210cf08f0a5debc193a950652fcc30e81

  • SSDEEP

    98304:HW+P5j01IO0ocYjJR2zVDn+KQlgkqiKm9i:TP5jhzBzVDnZNk+x

Score
8/10
bootkitpersistencevmprotect

Malware Config

Targets

    • Target

      Baidu_Com_90000215.exe

    • Size

      1.4MB

    • MD5

      20dbd1541448c659e921ca523da62e8b

    • SHA1

      59dfc6db7e026c5a27e89983d55be83aadf3a909

    • SHA256

      0215531b7de01049eb626ab9c35f5e1264263bd11b120964a6ee34193e60561a

    • SHA512

      ae4392893614f76bd2588cd9efa46dc6a5e14e3f2d23cf6da2d158f9bc70201a074558e8d103640c78a58d5dac5a84b1096e0a459c7917d6f8f5bb2adf71ff0b

    • SSDEEP

      24576:aCfFgOHDg89bvfpETrWTVvqPldRv4dyB41Zk1J03xm4U5r1mqF+R3qo06QvuEjGn:RqOFbnaTrTTA041ZAKxFW8qFMan6Kudn

    Score
    7/10
    bootkitpersistence

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

    • Target

      ӛ-14.9.26.1.exe

    • Size

      1.8MB

    • MD5

      55b9bb60c5b627b87f37cf89893d6412

    • SHA1

      48c004c4f5ca9d22a0c69a22884ce6d9fdb486e5

    • SHA256

      a03e2529a1b1e714c59ae4467b557140123c6631d8abad89c3eec6f9a4689506

    • SHA512

      7a6de61cee3b2fa8526af15fd3acf985c1674a9dcac45f43d57fece3e59be6c2e04f7ca4d19d00bf4a2c30750bec37fd0c3d68ee8fef1385ebcf37adb8f70b2f

    • SSDEEP

      49152:tjKs2rPHwcwUNaBeeSzn610EfuFfMxwg:4s2rPjUTS20V0w

    Score
    8/10
    vmprotectpersistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

    • Target

      QQ.url

    • Size

      126B

    • MD5

      9f36733525857a875b9aa9b0dc78da08

    • SHA1

      9b7bf725cc7a90bf159ad1958b043adb16e36a9e

    • SHA256

      97c3de62e4bf28be46b48a65a349d3ab190ebad5602b8c6e92230d0a1c432ad2

    • SHA512

      72cb12cd8257add1e58d436f69c1f9d6cbfe515a172608943f30e46db376be5873a0ba6c58f81a269b6758419a4ea6b56cfd2dc40d86b4ffab47f0e90815ac85

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks