Overview
Overall score: 6/10 (driven by behavioral3, the only task that scored above 1/10)

Task          Sample                                          Platform            Score
static1       static analysis of the submitted file           -                   -
behavioral1   qwbackdate/qwbackdate/Rar.exe                   windows7-x64        1/10
behavioral2   qwbackdate/qwbackdate/Rar.exe                   windows10-2004-x64  1/10
behavioral3   qwbackdate/qwbackdate/千万备份器.exe              windows7-x64        6/10
behavioral4   qwbackdate/qwbackdate/千万备份器.exe              windows10-2004-x64  1/10
behavioral5   qwbackdate/qwbackdate/千万备份器V1.1注册机.exe     windows7-x64        1/10
behavioral6   qwbackdate/qwbackdate/千万备份器V1.1注册机.exe     windows10-2004-x64  1/10
behavioral7   qwbackdate/当百下载.url                           windows7-x64        1/10
behavioral8   qwbackdate/当百下载.url                           windows10-2004-x64  1/10
behavioral9   qwbackdate/访问我们的网站.url                     windows7-x64        1/10
behavioral10  qwbackdate/访问我们的网站.url                     windows10-2004-x64  1/10

General
Target (submitted file): 1de16e6927ad506cb6f995bb58e3a1a59f88b60db56eda07fb4f4f15f0e350a7
Size: 277KB
Sample: 221124-nzxzjabg86
MD5: e4f9b7acb179aa1dc644b5e653c7b927
SHA1: c16eb3ba740d5f22db003d1f07c8bd6ff96f0c15
SHA256: 1de16e6927ad506cb6f995bb58e3a1a59f88b60db56eda07fb4f4f15f0e350a7
SHA512: b70e7ab1f369bd053b87be7fc11402c61f95a9a4450a48775ca4be4d158837eae93d309c5d3c9ed146890a1706a4be9d59d936cb766797f50d51069bf789f8ea
SSDEEP: 6144:I2/7C55GzqPSjpBcEVjA/vBNjXe1EUHn9nY3/b:52rNXdvBx4EG23/b
Tasks
Static task: static1

Behavioral tasks:
Task          Sample                                          Resource (sandbox image)
behavioral1   qwbackdate/qwbackdate/Rar.exe                   win7-20220901-en
behavioral2   qwbackdate/qwbackdate/Rar.exe                   win10v2004-20220812-en
behavioral3   qwbackdate/qwbackdate/千万备份器.exe              win7-20221111-en
behavioral4   qwbackdate/qwbackdate/千万备份器.exe              win10v2004-20220812-en
behavioral5   qwbackdate/qwbackdate/千万备份器V1.1注册机.exe     win7-20221111-en
behavioral6   qwbackdate/qwbackdate/千万备份器V1.1注册机.exe     win10v2004-20221111-en
behavioral7   qwbackdate/当百下载.url                           win7-20221111-en
behavioral8   qwbackdate/当百下载.url                           win10v2004-20221111-en
behavioral9   qwbackdate/访问我们的网站.url                     win7-20220812-en
behavioral10  qwbackdate/访问我们的网站.url                     win10v2004-20220812-en
Malware Config
Targets
Target: qwbackdate/qwbackdate/Rar.exe
Size: 321KB
MD5: 4b4ac0755fb1f7f1c6d7bc1baa33fb6b
SHA1: a5a427d42df0b95593f7e97cdf5e7fd849f9b1b5
SHA256: 41cc50c6be32e20d1545c2a7e76eda026994ace48ad3acd8e52cb2bace478fec
SHA512: 3069781e74b736cd0a10b2251dfb272be169399d906ddb9f4f26910899c0cccd4a0d3ab213fcc6aae6362f8cbd40e2c8a3a64125163e72d32e933db6115ddf9c
SSDEEP: 6144:6BmORNAKrah6bHRvJzfkLKmElzYUFA+0VaqMNTFeRPGwv7pq7jlS/:6BmAlaqbTPFA+beRPGQ
Score: 1/10
Signatures: none

Target: qwbackdate/qwbackdate/千万备份器.exe ("Qianwan backup tool")
Size: 107KB
MD5: 7e8c6cbd0850374726f2a099243b3416
SHA1: d795f91f037f3928bb2b52ee128cf5cf68eb9c35
SHA256: 732a857f55be5935b2603080e2ddf48235c28bf8de1c45d52337cdca34bbd9ca
SHA512: 335d1faffce0c1a6986dd70f3c75367fdd5ba546984b11ae47ee84838f7313678a8d13df23473c7025557d5d4a2a49cdba4ac49f528eb5088945d19081e247f5
SSDEEP: 3072:gAUjMo0+HY3DzGxnZh8txicmHEs/ZLGeEh:TUjMuHSf4nZ6zpJs/Gh
Score: 6/10
Signatures:
  Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system. The signature only records that a raw write reached the first sector of the disk; since this file presents itself as a backup utility, a legitimate write (for example restoring or reinstalling boot code) is also possible, so confirm what changed by comparing the sector after the run with a clean copy rather than relying on the score alone.
  Drops file in System32 directory
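To turn the MBR-write signature into a finding, compare the first sector after the run with a known-good one and see which region differs: a bootkit replaces the 440-byte boot code and usually leaves the partition table alone, while a disk or backup tool typically does the opposite. The script below is an added example, not part of this report or of the analysed sample. The boot-code bytes and partition layout in it are constructed test data; in a real case, read BASELINE_MBR from the clean base image and the captured image from the sandbox disk after the run (for example the first 512 bytes of the disk image, or `dd if=/dev/sda bs=512 count=1` on a Linux analysis host).

```python
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOTCODE_LEN = 440              # bytes 0..439: x86 boot code
PART_TABLE_OFFSET = 446         # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511
PART_ENTRY_FMT = "<B3sB3sII"    # status, CHS first, type, CHS last, LBA start, sector count


@dataclass(frozen=True)
class PartitionEntry:
    bootable: bool
    type_code: int
    lba_start: int
    sector_count: int


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty slots of the four-entry MBR partition table."""
    entries = []
    for slot in range(4):
        off = PART_TABLE_OFFSET + 16 * slot
        status, _chs_first, ptype, _chs_last, lba, count = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        if ptype == 0:
            continue                       # empty slot
        entries.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return entries


def build_mbr(bootcode: bytes, partitions: list) -> bytes:
    """Assemble a 512-byte MBR image; used here only to construct test data."""
    if len(bootcode) > BOOTCODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too large or too many partitions")
    table = b"".join(
        struct.pack(PART_ENTRY_FMT, 0x80 if p.bootable else 0x00, b"\xff\xff\xff",
                    p.type_code, b"\xff\xff\xff", p.lba_start, p.sector_count)
        for p in partitions
    ).ljust(64, b"\x00")
    # 440 bytes boot code + 4-byte disk signature + 2 reserved bytes + table + 0x55AA
    return bootcode.ljust(BOOTCODE_LEN, b"\x00") + b"\x00" * 6 + table + BOOT_SIGNATURE


def check_mbr(captured: bytes, baseline: bytes) -> dict:
    """Compare a captured MBR with a known-good one and report which region changed."""
    if len(captured) != MBR_SIZE or len(baseline) != MBR_SIZE:
        raise ValueError("both images must be exactly 512 bytes")
    return {
        "valid_boot_signature": captured[510:] == BOOT_SIGNATURE,
        "bootcode_changed": captured[:BOOTCODE_LEN] != baseline[:BOOTCODE_LEN],
        "partition_table_changed": parse_partition_table(captured) != parse_partition_table(baseline),
        "bootcode_sha256": hashlib.sha256(captured[:BOOTCODE_LEN]).hexdigest(),
    }


# Constructed test data (not taken from the analysed sample).
# The first bytes are the usual Windows MBR prologue (xor ax,ax / mov ss,ax / mov sp,7C00h),
# padded with NOPs instead of the real 440-byte loader.
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 24
LAYOUT = [
    PartitionEntry(True, 0x07, 2048, 204800),       # bootable NTFS system partition
    PartitionEntry(False, 0x07, 206848, 1843200),   # NTFS data partition
]
BASELINE_MBR = build_mbr(CLEAN_BOOTCODE, LAYOUT)

# A bootkit-style write: boot code replaced by a short jump into its own loader,
# partition table left untouched so Windows still boots and nothing looks wrong.
BOOTKIT_MBR = build_mbr(b"\xeb\x3c" + b"\x90" * 29, LAYOUT)

# A benign disk-tool write: same boot code, second partition grown.
RESIZED_MBR = build_mbr(CLEAN_BOOTCODE, [LAYOUT[0], PartitionEntry(False, 0x07, 206848, 2048000)])


if __name__ == "__main__":
    for name, image in (("bootkit-style", BOOTKIT_MBR), ("resize-only", RESIZED_MBR)):
        print(name, check_mbr(image, BASELINE_MBR))
```

check_mbr deliberately ignores bytes 440..445 (disk signature and reserved bytes) so that a Windows disk-signature rewrite does not show up as a boot-code change; the SHA256 of the boot code is returned so the captured sector can be matched against known loaders without shipping the full image.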

Target: qwbackdate/qwbackdate/千万备份器V1.1注册机.exe ("Qianwan backup tool V1.1 keygen")
Size: 18KB
MD5: 450cbe05404a21e6c13182997089ba93
SHA1: 363e2920050acf0acb68a974c16cc503882f9a8c
SHA256: 874be8af18427060b9e124acec9162297e9c83c9822b6f9607a522614c4abba3
SHA512: 4d3d16710a561060cf2343079540c4cef0b523b16bceacdb142a371aa9ace847215080572daa0b24565033a61a179555e7e8490ff6265df0cad576d5d2c34441
SSDEEP: 384:be00crMPJYnXTy8dDQoe7VDZ4Pa8b39z966:a00cAP6nDy8d0phDZ4P19z96
Score: 1/10
Signatures: none

Target: qwbackdate/当百下载.url ("Dangbai download" Internet shortcut)
Size: 163B
MD5: 502d696ac321c1ca562fc6a6a3459109
SHA1: 8781d5512783f0c7ff25c707464dcb1ed74577a2
SHA256: d032a8eb65b59591b016217a50a7c33fe0cc6c604261df567d028234fa7e4faf
SHA512: 5466109eecaa92608b9f5d831aed74f90ee44db32dbdc1296571a71301f76f7a97c15f2dc1f9ea66fdb5f3c7d605bad79b2f1529d0fabff7452257f429e4b6bc
Score: 1/10
Signatures: none

Target: qwbackdate/访问我们的网站.url ("Visit our website" Internet shortcut)
Size: 159B
MD5: b70a2631fb48a91281dffdf3d4ac6193
SHA1: e49275b3a6e462ebc5887403b82a9a2ab027f38a
SHA256: 3730c030d53a74c7ddb76e4f6b442a51ca52d6251d9fca30ad7a199933fbcc35
SHA512: 181e5dd59c71a151394bc8e1f907d37baa189fd5d72d621e95808a8b4ba518239bf0fe07e974298374dfb57932f7ec9c1ace2713ba69ac0b2e4ab8562c9bf7ac
Score: 1/10
Signatures: none