General
Target: a560a4ef907b2e3443ea0f28da839b4d20f29896d802e1fb43448216c6d07510
Size: 1.9MB
Sample: 221124-z3yk1sac75
MD5: 0d57bd63b350b9eeaba3f72140e31102
SHA1: fd6da7096834b6b8bc91a87c9d219c331a4f141c
SHA256: a560a4ef907b2e3443ea0f28da839b4d20f29896d802e1fb43448216c6d07510
SHA512: f57b4e42c0c8307967677b1d16b267c537fcc97b7af24c2a26a41f7574ee9f0573d9d5ca9b1643c6641ebae4a8bf3666bdf20bb935ec70e762be589fcd9b71c3
SSDEEP: 49152:8vbKi/zWmjQuEy+hlNVZCk13hFqxgMh8UnZUAaMW3AFFsV:uBzWmjQq+bYk1OxghUnzahAFFm
Static task: static1

Behavioral task: behavioral1
Sample: 风云江湖v2.0.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 风云江湖v2.0.exe
Resource: win10v2004-20221111-en

Behavioral task: behavioral3
Sample: 风云江湖v20.exe
Resource: win7-20220901-en

Behavioral task: behavioral4
Sample: 风云江湖v20.exe
Resource: win10v2004-20221111-en
Malware Config

Targets

Target: 风云江湖v2.0.exe
Size: 1.2MB
MD5: 92edd3c48dc6f601607e98028ce753fb
SHA1: d1a38ebf9989550c3c17b1a4a51b66d5263ef57c
SHA256: 03380ba189e805fe4d71a899e25a24e7e4d96c2b819c1136db5e5a53a8601a82
SHA512: 5662ef267f46c32768482836950abac5859b864c8d90912bab20d9ae799b38d25d62b5225736f1d13138315d1fa9674435a1a208bda91f985929d1ad6f2aa3a2
SSDEEP: 24576:ZCZZtdalG46v2VsPM1eVpc1Ej4SsMsEJ:BlG46OVs2efc1Ej4SD
Score: 6/10
Signatures:
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.

Target: 风云江湖v20.exe
Size: 1.4MB
MD5: d3cc1961abc2aea0e3d96ec0d9c4f5d2
SHA1: 8763ee09dba17ba46b1789e90b5f16dcf1a82c53
SHA256: e273d5ca175e19b6aa61cf8dfa65e1eb0ea365f923380acb9da90e009d259625
SHA512: d9c2c379b2f8ecdfbf602e7387c1358b28c87655b0eabc4dbe2ef619594ba45face35fce905909ec30ff43a312f5ae9cd6510e1a9f2b7ccbb361998ab51e816d
SSDEEP: 24576:emTCLE9tPUmsYxDATvQnbc5Q/yLdPXlrdacBUQtRoTIZDq0jmmS:emP3P7sYpUviusyL9nTSOoTIZDqjmS
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
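The signatures on the second target are behaviour-trace heuristics: registry lookups for hypervisor or Wine artifacts, probing of drive roots other than C:, and a thread-information call that hides the thread from an attached debugger. The Python below is an added example, not the sandbox's own detection code, that classifies API-call events from a trace into those four signature names. The trace format (api, argument) and the sample events are constructed here; the VirtualBox ACPI key names (HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__), the Wine keys (Software\Wine), and the ThreadHideFromDebugger class value 0x11 are well-known values assumed for the example rather than taken from this report.

```python
"""Classify sandbox API-trace events into the signature names used in the report.

Added example: the event format and the key/class constants below are
assumptions for illustration, not data extracted from the analysed sample.
"""
import re
from collections import OrderedDict
from typing import Dict, List, Optional, Tuple

# Signature names exactly as the report lists them.
SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_WINE = "Identifies Wine through registry keys"
SIG_DRIVES = "Enumerates connected drives"
SIG_HIDE_THREAD = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Registry keys that only exist inside a VirtualBox guest or under Wine
# (assumed heuristic values; compared case-insensitively by prefix).
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")

# ThreadInformationClass value for ThreadHideFromDebugger (assumed constant).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# API families whose arguments we inspect; ANSI/Unicode suffixes are stripped first.
REGISTRY_APIS = ("RegOpenKeyEx", "RegQueryValueEx", "NtOpenKey", "NtQueryValueKey")
DRIVE_APIS = ("GetDriveType", "GetVolumeInformation", "FindFirstFile", "CreateFile")

DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\$")                      # e.g. "D:\"
THREAD_CLASS_RE = re.compile(r"ThreadInformationClass=(0x[0-9A-Fa-f]+|\d+)")


def _norm_key(path: str) -> str:
    return path.rstrip("\\").lower()


def classify_event(api: str, arg: str) -> Optional[str]:
    """Return the matching signature name for one (api, argument) event, or None."""
    base = api.rstrip("AW")  # RegOpenKeyExW -> RegOpenKeyEx, GetDriveTypeA -> GetDriveType
    if base in REGISTRY_APIS:
        key = _norm_key(arg)
        if any(key.startswith(_norm_key(k)) for k in VBOX_ACPI_KEYS):
            return SIG_VBOX
        if any(key.startswith(_norm_key(k)) for k in WINE_KEYS):
            return SIG_WINE
        return None
    if base in DRIVE_APIS and DRIVE_ROOT_RE.match(arg):
        # The report counts only drive roots other than the default C: drive.
        return None if arg.upper().startswith("C:") else SIG_DRIVES
    if base == "NtSetInformationThread":
        m = THREAD_CLASS_RE.search(arg)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            return SIG_HIDE_THREAD
    return None


def summarize(trace: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each triggered signature to the list of events that triggered it."""
    hits: Dict[str, List[str]] = OrderedDict()
    for api, arg in trace:
        sig = classify_event(api, arg)
        if sig is not None:
            hits.setdefault(sig, []).append(f"{api}({arg})")
    return hits


# Constructed trace for demonstration; not output from the sandbox run above.
CONSTRUCTED_TRACE: List[Tuple[str, str]] = [
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    ("RegOpenKeyExW", r"HKCU\Software\Wine"),
    ("GetDriveTypeW", "C:\\"),
    ("GetDriveTypeW", "D:\\"),
    ("GetDriveTypeW", "E:\\"),
    ("NtSetInformationThread", "ThreadInformationClass=0x11"),
    ("NtSetInformationThread", "ThreadInformationClass=0x1"),
    ("CreateFileW", "C:\\Users\\user\\Desktop\\readme.txt"),
]

if __name__ == "__main__":
    for sig, evidence in summarize(CONSTRUCTED_TRACE).items():
        print(sig)
        for event in evidence:
            print("    " + event)
```

Only drive roots other than C:\ and only ThreadInformationClass 0x11 count, mirroring how the report phrases those two signatures; a benign registry read or a normal file open falls through with no match.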