Overview

overview

8

Static

static

qqjiahaoyo...PI.dll

windows7-x64

6

qqjiahaoyo...PI.dll

windows10-2004-x64

6

qqjiahaoyo...��.url

windows7-x64

1

qqjiahaoyo...��.url

windows10-2004-x64

1

qqjiahaoyo....2.exe

windows7-x64

8

qqjiahaoyo....2.exe

windows10-2004-x64

8

qqjiahaoyo...��.url

windows7-x64

1

qqjiahaoyo...��.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d4b0060ff09ac7d0da455adae4e0ffaab4f0066c3fcf0da28f3630a2d543629

  • Size

    1.6MB

  • Sample

    221125-122rqaad74

  • MD5

    7ac8d027fa01ee677d77661f75e76b6f

  • SHA1

    99f1896e930f93531d31b68c01bb0471e1ff925f

  • SHA256

    4d4b0060ff09ac7d0da455adae4e0ffaab4f0066c3fcf0da28f3630a2d543629

  • SHA512

    28eb60e3a44f6120f6d6dc075f7c2ec1718e6e46ae7063ca4567cf6218d892d49ec04b39a288db17094c2935c9f266c773d3478319a32297507cedbcc5414829

  • SSDEEP

    49152:j5jTbPexm+lH8f0EvWtkHFQwBd5w1cvT3cRA:j5jTbPexlH8YwQwBb4cvbn

Score
8/10
bootkitpersistenceupx

Malware Config

Targets

    • Target

      qqjiahaoyou-v2.2/CrackCaptchaAPI.dll

    • Size

      1.3MB

    • MD5

      9a4965011a94705227f62df0776f2ab6

    • SHA1

      fe91972e1c993731cdacc7429c4f4760672adcf7

    • SHA256

      a9ea79e9c5017616ca9085351ef166f35882ad5a201b92c4839ffdf1169e4113

    • SHA512

      e74bc303d99a2151dd00b8f4da0aabd70b37fe46a74702034a5a0ab3da7cad9ad0b7d69b960a10d0876ad5b660e1b868c8956e8d05321f7120f480baee34378a

    • SSDEEP

      24576:ll7VKWLgjBTGxuQi0aqj45fnNVWhb0yX6i2JHoBTURfymDdTELFI:lwmX4N2hbYiPTUQmJTa

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

    • Target

      qqjiahaoyou-v2.2/去脚本之家看看.url

    • Size

      124B

    • MD5

      9d9c794d654383c012286b258556fe46

    • SHA1

      8266c2159f57859ff102df419a94157a2ccef61f

    • SHA256

      c4965fa0cf71f391518797b3cc3b7ffef0ec991c5266f5f9cc90298a7da7e1da

    • SHA512

      28b9a9519a0fb7e826adaf43e76dfd11df323f20ab3089ec53c6263a51c06635c9d0b0a325cb7d20f7db42734dc257666e77d63be620aca34cdb13b766da9bbe

    Score
    1/10
    behavioral3behavioral4

    • Target

      qqjiahaoyou-v2.2/嗨星QQ批量加好友工具2.2.exe

    • Size

      3.6MB

    • MD5

      01a797fb3950fc40b793a2a930961b69

    • SHA1

      e4a7a06b513e61baf2a3dbf7c1fff3946c6663cc

    • SHA256

      82e9ea69607c60c051e492d1443474baa3d1a59d956b0cd6009a67b982258ca8

    • SHA512

      60bec9c1fac173a161e4b84b0f151adbe76e14f6cad45268676f4bf2f8149e5475aeef244ed9ad312aa7ba15ac007cbb79a7fd4a18c912980cc8ec472a6a30ec

    • SSDEEP

      49152:hDjeP+ApznKhqavgYjXOUzIeZwmX4N2hbYiPTUQmJTaId+s8KuqGaX0ToIBAUZL8:9jeP+ApznWI4XOiIGX4NuEmNJBAUZLO7

    Score
    8/10
    bootkitpersistenceupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral5behavioral6

    • Target

      qqjiahaoyou-v2.2/服务器软件.url

    • Size

      112B

    • MD5

      db4aa2c6c4e0555b3968690756e24836

    • SHA1

      96933b815ecdcf2fd43bd2ef036260029a633801

    • SHA256

      c85359e7af5e102716e42f659fd5c1931b553761898714ccbb261883a03f40e1

    • SHA512

      6ca491f92f9990d706b75e7ff091f8c025de7d9dc438aa25cf6e8baa87e750f6f0490e9923d82aa00ac074b572468349ed52c2765ec1fd3183a9ea146a2ff5c3

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

2
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks