1de16e6927ad506cb6f995bb58e3a1a59f88b60db56eda07fb4f4f15f0e350a7 | Triage

Sharing

General

Target

1de16e6927ad506cb6f995bb58e3a1a59f88b60db56eda07fb4f4f15f0e350a7
Size

277KB
Sample

221124-nzxzjabg86
MD5

e4f9b7acb179aa1dc644b5e653c7b927
SHA1

c16eb3ba740d5f22db003d1f07c8bd6ff96f0c15
SHA256

1de16e6927ad506cb6f995bb58e3a1a59f88b60db56eda07fb4f4f15f0e350a7
SHA512

b70e7ab1f369bd053b87be7fc11402c61f95a9a4450a48775ca4be4d158837eae93d309c5d3c9ed146890a1706a4be9d59d936cb766797f50d51069bf789f8ea
SSDEEP

6144:I2/7C55GzqPSjpBcEVjA/vBNjXe1EUHn9nY3/b:52rNXdvBx4EG23/b

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  qwbackdate/qwbackdate/Rar.exe
- Size
  
  321KB
- MD5
  
  4b4ac0755fb1f7f1c6d7bc1baa33fb6b
- SHA1
  
  a5a427d42df0b95593f7e97cdf5e7fd849f9b1b5
- SHA256
  
  41cc50c6be32e20d1545c2a7e76eda026994ace48ad3acd8e52cb2bace478fec
- SHA512
  
  3069781e74b736cd0a10b2251dfb272be169399d906ddb9f4f26910899c0cccd4a0d3ab213fcc6aae6362f8cbd40e2c8a3a64125163e72d32e933db6115ddf9c
- SSDEEP
  
  6144:6BmORNAKrah6bHRvJzfkLKmElzYUFA+0VaqMNTFeRPGwv7pq7jlS/:6BmAlaqbTPFA+beRPGQ
Score

1^/10
behavioral1 behavioral2
- Target
  
  qwbackdate/qwbackdate/千万备份器.exe
- Size
  
  107KB
- MD5
  
  7e8c6cbd0850374726f2a099243b3416
- SHA1
  
  d795f91f037f3928bb2b52ee128cf5cf68eb9c35
- SHA256
  
  732a857f55be5935b2603080e2ddf48235c28bf8de1c45d52337cdca34bbd9ca
- SHA512
  
  335d1faffce0c1a6986dd70f3c75367fdd5ba546984b11ae47ee84838f7313678a8d13df23473c7025557d5d4a2a49cdba4ac49f528eb5088945d19081e247f5
- SSDEEP
  
  3072:gAUjMo0+HY3DzGxnZh8txicmHEs/ZLGeEh:TUjMuHSf4nZ6zpJs/Gh
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  qwbackdate/qwbackdate/千万备份器V1.1注册机.exe
- Size
  
  18KB
- MD5
  
  450cbe05404a21e6c13182997089ba93
- SHA1
  
  363e2920050acf0acb68a974c16cc503882f9a8c
- SHA256
  
  874be8af18427060b9e124acec9162297e9c83c9822b6f9607a522614c4abba3
- SHA512
  
  4d3d16710a561060cf2343079540c4cef0b523b16bceacdb142a371aa9ace847215080572daa0b24565033a61a179555e7e8490ff6265df0cad576d5d2c34441
- SSDEEP
  
  384:be00crMPJYnXTy8dDQoe7VDZ4Pa8b39z966:a00cAP6nDy8d0phDZ4P19z96
Score

1^/10
behavioral5 behavioral6
- Target
  
  qwbackdate/当百下载.url
- Size
  
  163B
- MD5
  
  502d696ac321c1ca562fc6a6a3459109
- SHA1
  
  8781d5512783f0c7ff25c707464dcb1ed74577a2
- SHA256
  
  d032a8eb65b59591b016217a50a7c33fe0cc6c604261df567d028234fa7e4faf
- SHA512
  
  5466109eecaa92608b9f5d831aed74f90ee44db32dbdc1296571a71301f76f7a97c15f2dc1f9ea66fdb5f3c7d605bad79b2f1529d0fabff7452257f429e4b6bc
Score

1^/10
behavioral7 behavioral8
- Target
  
  qwbackdate/访问我们的网站.url
- Size
  
  159B
- MD5
  
  b70a2631fb48a91281dffdf3d4ac6193
- SHA1
  
  e49275b3a6e462ebc5887403b82a9a2ab027f38a
- SHA256
  
  3730c030d53a74c7ddb76e4f6b442a51ca52d6251d9fca30ad7a199933fbcc35
- SHA512
  
  181e5dd59c71a151394bc8e1f907d37baa189fd5d72d621e95808a8b4ba518239bf0fe07e974298374dfb57932f7ec9c1ace2713ba69ac0b2e4ab8562c9bf7ac
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bootkitpersistence

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10