General

  • Target

    a560a4ef907b2e3443ea0f28da839b4d20f29896d802e1fb43448216c6d07510

  • Size

    1.9MB

  • Sample

    221124-z3yk1sac75

  • MD5

    0d57bd63b350b9eeaba3f72140e31102

  • SHA1

    fd6da7096834b6b8bc91a87c9d219c331a4f141c

  • SHA256

    a560a4ef907b2e3443ea0f28da839b4d20f29896d802e1fb43448216c6d07510

  • SHA512

    f57b4e42c0c8307967677b1d16b267c537fcc97b7af24c2a26a41f7574ee9f0573d9d5ca9b1643c6641ebae4a8bf3666bdf20bb935ec70e762be589fcd9b71c3

  • SSDEEP

    49152:8vbKi/zWmjQuEy+hlNVZCk13hFqxgMh8UnZUAaMW3AFFsV:uBzWmjQq+bYk1OxghUnzahAFFm

Score
9/10

Malware Config

Targets

    • Target

      风云江湖v2.0.exe

    • Size

      1.2MB

    • MD5

      92edd3c48dc6f601607e98028ce753fb

    • SHA1

      d1a38ebf9989550c3c17b1a4a51b66d5263ef57c

    • SHA256

      03380ba189e805fe4d71a899e25a24e7e4d96c2b819c1136db5e5a53a8601a82

    • SHA512

      5662ef267f46c32768482836950abac5859b864c8d90912bab20d9ae799b38d25d62b5225736f1d13138315d1fa9674435a1a208bda91f985929d1ad6f2aa3a2

    • SSDEEP

      24576:ZCZZtdalG46v2VsPM1eVpc1Ej4SsMsEJ:BlG46OVs2efc1Ej4SD

    Score
    6/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      风云江湖v20.exe

    • Size

      1.4MB

    • MD5

      d3cc1961abc2aea0e3d96ec0d9c4f5d2

    • SHA1

      8763ee09dba17ba46b1789e90b5f16dcf1a82c53

    • SHA256

      e273d5ca175e19b6aa61cf8dfa65e1eb0ea365f923380acb9da90e009d259625

    • SHA512

      d9c2c379b2f8ecdfbf602e7387c1358b28c87655b0eabc4dbe2ef619594ba45face35fce905909ec30ff43a312f5ae9cd6510e1a9f2b7ccbb361998ab51e816d

    • SSDEEP

      24576:emTCLE9tPUmsYxDATvQnbc5Q/yLdPXlrdacBUQtRoTIZDq0jmmS:emP3P7sYpUviusyL9nTSOoTIZDqjmS

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 2

  • Discovery

    Query Registry (T1012): 4

    Peripheral Device Discovery (T1120): 2

    System Information Discovery (T1082): 2

    Virtualization/Sandbox Evasion (T1497): 2

Tasks