Overview

overview

8

Static

static

CS兼容版.exe

windows7-x64

8

CS兼容版.exe

windows10-2004-x64

8

CS功能版.exe

windows7-x64

8

CS功能版.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3ec6e18338c461fb6881d04afa95c37f33c94904bf2e584b4da96b20bb890a2

  • Size

    4.0MB

  • Sample

    221124-sg2l8afc2x

  • MD5

    06768c06c70c39cc0f0f2e55ede82ba2

  • SHA1

    f5e3656618b5c1c21deb0f9cbf509fcffe2df0c3

  • SHA256

    a3ec6e18338c461fb6881d04afa95c37f33c94904bf2e584b4da96b20bb890a2

  • SHA512

    64766bf1c7cc8d6d44d84992099a23ce6a2506c974c6e2319f9b82b7da0d2864c472dde8bbb8e716a0a9b7f53e84faa39966fa751c97dca870a85b939ada59c5

  • SSDEEP

    98304:/B/B7PS2W7bnPEyBWTRflF7tBEtXgTnak5D99vWyzD08Knq1Za:Z5DebEy4TRP7TAPq/a

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      CS兼容版.exe

    • Size

      4.6MB

    • MD5

      14cb1a20f3a1c80d54097b869b60be2b

    • SHA1

      4fe4df1106a3348e9af741f7299b41bae264c062

    • SHA256

      faacca39637a719dba288bc92f3be3286c9e640c732ace142622b4f5bc6a6da9

    • SHA512

      1237a9f4611ceece020a95190ad8713fae2027a8cb650be500472c723de7f4343e01305dbe0cbfa9b310cc3c215d63069312ad4b0221d1a0238ad5ce85a4c9d1

    • SSDEEP

      98304:2sQCjTMmNgva64qvAu959oE8PJBAUZLLloM59oB818a8L:ZMmNQz9zonJV/3o3

    Score
    8/10
    upxpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      CS功能版.exe

    • Size

      5.3MB

    • MD5

      98cee8df77c4b1b4fdabb263facab3af

    • SHA1

      f0e2f06205484adbf5f26db4d4ee2dfbc8c47b9d

    • SHA256

      3382f1fcba7290d83a5bb014eda5756a0993ffb68195199f2241fbdd0aa91204

    • SHA512

      ffac3f36615378ab808e2e1e1729ae19f071b72d56b74d1a393f184a2d798a09409d3faf4d86596f047c2279fd8004bc1d5e34026215635ba53ca4f75e329694

    • SSDEEP

      98304:rStP5UfJoSds9oPmyTMmNgva64qvAu959oE8PJBAUZLLloMZ8g8X8nRjOE:rStPmfYoeqMmNQz9zonJV/pN

    Score
    8/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

5
T1112

Install Root Certificate

2
T1130

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks