General

  • Target

    36e71e6b2d6a29123881754b64c9e6bcdba1cc62c26f62107a8188773f1ff538

  • Size

    2.0MB

  • Sample

    221125-18vxraba65

  • MD5

    cff19e0b59add49370352f74dc28aeb4

  • SHA1

    4559756f1c8287bac40276fddb220dfff75a7bbb

  • SHA256

    36e71e6b2d6a29123881754b64c9e6bcdba1cc62c26f62107a8188773f1ff538

  • SHA512

    f3b8ec25ca6f24065f5cfc971d5b14d6a54a6dfc2144d83cf25cf0e61204a14f42e08ffc4ab1e8ae0aa3671a7d6440cb31319be0a74047e66ab29acc88dd8404

  • SSDEEP

    49152:1nNE8/PB0u2x3PSmumitDXBSfTzjf43eevwF+2L2BNw4xdZr:1nK3HtipXkfTUeeYFDYW4Xt
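The digests above are the report's ground truth for the submitted archive; the first thing a practitioner does with a sample pulled from elsewhere is re-derive them. The Python below is an added illustration, not the sandbox's own code: `REPORTED` is copied from the General section, `verify_hashes` recomputes the listed digests, and `pe_section_names`/`packer_hints` walk a PE header by hand to spot the section names that default UPX and VMProtect builds leave behind (the two packer signatures raised on the `.vmp.exe` target later in this report). `build_fake_pe` is a constructed, header-only stand-in used only to exercise the parser.

```python
"""Re-derive a sandbox report's file digests and look for packer section
names in a PE.  Added illustration, not the sandbox's own code; the
REPORTED values are copied from the report's General section and
build_fake_pe() constructs a header-only stand-in for testing."""
import hashlib
import struct
import sys

# Digests reported for the 2.0MB submitted archive (from the General section).
REPORTED = {
    "md5": "cff19e0b59add49370352f74dc28aeb4",
    "sha1": "4559756f1c8287bac40276fddb220dfff75a7bbb",
    "sha256": "36e71e6b2d6a29123881754b64c9e6bcdba1cc62c26f62107a8188773f1ff538",
    "sha512": "f3b8ec25ca6f24065f5cfc971d5b14d6a54a6dfc2144d83cf25cf0e61204a14f"
              "42e08ffc4ab1e8ae0aa3671a7d6440cb31319be0a74047e66ab29acc88dd8404",
}


def verify_hashes(data: bytes, expected: dict) -> list:
    """Return the names of algorithms whose digest of `data` does not match
    `expected`; an empty list means every listed digest agrees."""
    return [alg for alg in expected
            if hashlib.new(alg, data).hexdigest() != expected[alg].lower()]


def pe_section_names(data: bytes) -> list:
    """Walk the PE headers by hand and return the section names in order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect, = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsect):
        raw = data[table + 40 * i: table + 40 * i + 8]        # Name[8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def packer_hints(names: list) -> list:
    """Map section names to packer families.  Default UPX builds name their
    sections UPX0/UPX1; VMProtect uses .vmp0/.vmp1/...  Names are trivially
    renamed, so a hit is a hint, not proof, and an absence proves nothing."""
    hits = set()
    for n in names:
        if n.upper().startswith("UPX"):
            hits.add("UPX")
        if n.lower().startswith(".vmp"):
            hits.add("VMProtect")
    return sorted(hits)


def build_fake_pe(section_names: list) -> bytes:
    """Constructed, header-only PE (not loadable) for exercising the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew -> 0x40
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0: none), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    secs = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + secs


if __name__ == "__main__":
    # Usage: python check.py <file>   (compares against the reported digests)
    blob = open(sys.argv[1], "rb").read()
    bad = verify_hashes(blob, REPORTED)
    print("digests:", "all match" if not bad else "MISMATCH " + ", ".join(bad))
    if blob[:2] == b"MZ":
        print("packer hints:", packer_hints(pe_section_names(blob)) or "none")
```

Run it against the archive to confirm all four digests, then against the extracted `.vmp.exe` to see the section-name hints. Because the archive is not a PE, the packer check is skipped for it; a mismatch in any digest means you are not holding the file this report describes.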

Malware Config

Targets

    • Target

      神风QQ自动加群软件正版v3.7/FastVerCode.dll (folder name translates as "Shenfeng QQ auto group-join software, genuine v3.7")

    • Size

      76KB

    • MD5

      49cd21dfb8e46cc77aa702985403d81a

    • SHA1

      6e1ebce88bb412c82c464aeaa694b5dc76494563

    • SHA256

      0885b3620285d0edcc3455a43092ab92b39d4a50f9f25495586baa15114c04e7

    • SHA512

      de5da0f1e15987695748db455f2130c373770658049e7bd808cc22d59b88c6ed8f2cf33d192e6cd2f823993a1bdd41ed98679952e0ac6bdebdc7b330a42c6a23

    • SSDEEP

      1536:dG6TydpOAOJNM9/PMuBt4cqR/pkxuMXkF4:Xydp2Ju9MuEDpkxuKk+

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      神风QQ自动加群软件正版v3.7/使用必读.url (file name translates as "Must-read before use.url")

    • Size

      125B

    • MD5

      379cd9bc5f7937f7414191c65d8a4979

    • SHA1

      e0fb340fe107b422f33439512016e68eca29b03d

    • SHA256

      42c63721e8fad25c6454683e82365a3ceb55a4e520b7b15fe8ec022b3db3fc2b

    • SHA512

      f0ce028625e6791c1ca729cf9966516f6c67bfcc40eff50f7c804c5da88a13aac4a55541d47e5adaad3672f8702288ef1b592fb47c335da5be401cc8c6a13d00

    Score
    1/10
    • Target

      神风QQ自动加群软件正版v3.7/神风QQ自动加群软件正版_已激活.vmp.exe (file name translates as "Shenfeng QQ auto group-join software, genuine_activated.vmp.exe")

    • Size

      2.1MB

    • MD5

      a33d70a0f412dac7856a14f964a85588

    • SHA1

      a82ea93433a0ab4d8bfcab92f1438a439d8abc32

    • SHA256

      d4ae2bb4e1166dc2e929e4716d16e1199e0ffb79faaffb985a125d4629cf63bb

    • SHA512

      64c562da27028286e950df27d2de68a5a675642dbb64a6977a2c5057aef7e87af30dcfdedb70477226c71e0b0210d0617bc122156466d066ed5143302af783fb

    • SSDEEP

      49152:9TvVlnFD6KhMkk4JI+/YsGSrBxj6Uk8Qyr2/WBASf5:9rhNhXk4JIPcrBxRbQPWB3f

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. Packing by itself is not malicious; treat it as a reason to unpack before static analysis rather than as a verdict.

    • VMProtect packed file

      Detects executables packed with the commercial VMProtect packer. The ".vmp.exe" suffix in this target's own file name is consistent with that finding; VMProtect virtualises code rather than merely compressing it, so generic unpackers will not recover the original logic.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. A user-mode tool has no reason to touch the first sector of a physical disk; together with the file dropped in the Drivers directory above, this is the behaviour to prioritise when triaging this sample.

    • Target

      神风QQ自动加群软件正版v3.7/绿色先锋下载.url (file name translates as "Green Pioneer download.url")

    • Size

      338B

    • MD5

      069d35380abc5ae58988ba6f9e064da9

    • SHA1

      890fa09ff8494a377ae01ebe101a9a942d9ca107

    • SHA256

      8a88deb467ade665aad76fbdd0d79332e945731a8265568c32ec4ac4bc12c9a1

    • SHA512

      70b30d080084f03828784d75bbfce068ddda8894e59a152bef12b8e861df061f1d66051222e24c20bbd5e8c43a2e9e47349b27d2cb877130c59f95f2ce40357a

    Score
    1/10
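The "Writes to the Master Boot Record (MBR)" signature on the third target reduces to one observable pattern in a sandbox API trace: a handle opened on a raw physical disk, the file pointer left at (or moved to) offset 0, then a WriteFile. The Python below is an added example, not the sandbox's detection logic; the trace format and the trace lines in `TRACE` are constructed for this illustration and do not come from this report. It tracks per-process handles to `\\.\PhysicalDriveN`, follows `SetFilePointer`/`SetFilePointerEx` moves (only `FILE_BEGIN`, a deliberate simplification), and flags any write that starts inside the first 512-byte sector, while ignoring writes to ordinary files and writes to the disk further in.

```python
"""Flag writes to the first sector (MBR) of a raw physical disk in a
sandbox API trace.  Added example; the line format and the trace below
are constructed and are not the format or data of any particular sandbox."""
import re
from dataclasses import dataclass

SECTOR = 512                                  # the MBR is LBA 0, bytes 0..511
DRIVE_RE = re.compile(r'^\\\\\.\\PhysicalDrive\d+$', re.IGNORECASE)
LINE_RE = re.compile(r'^(\d+) (\w+) (.*?) -> (\S+)$')     # "<pid> <api> <args> -> <ret>"
ARG_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed trace: pid 1234 writes the MBR, pid 5678 writes the same disk
# at 1 MiB (not the MBR), pid 9012 writes an ordinary file.
TRACE = r"""
1234 CreateFileW lpFileName="\\.\PhysicalDrive0" dwDesiredAccess=0xC0000000 -> 0x1a4
1234 SetFilePointer hFile=0x1a4 lDistanceToMove=0 dwMoveMethod=0 -> 0
1234 WriteFile hFile=0x1a4 nNumberOfBytesToWrite=512 -> 1
1234 CloseHandle hObject=0x1a4 -> 1
5678 CreateFileW lpFileName="\\.\PhysicalDrive0" dwDesiredAccess=0xC0000000 -> 0x1c0
5678 SetFilePointer hFile=0x1c0 lDistanceToMove=1048576 dwMoveMethod=0 -> 1048576
5678 WriteFile hFile=0x1c0 nNumberOfBytesToWrite=512 -> 1
9012 CreateFileW lpFileName="C:\Users\user\out.txt" dwDesiredAccess=0x40000000 -> 0x1b0
9012 WriteFile hFile=0x1b0 nNumberOfBytesToWrite=12 -> 1
"""


@dataclass(frozen=True)
class MbrWrite:
    pid: int
    path: str
    offset: int
    nbytes: int


def parse_line(line: str):
    """Split one trace line into (pid, api, {arg: value}, return)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid, api, rawargs, ret = m.groups()
    args = {k: v.strip('"') for k, v in ARG_RE.findall(rawargs)}
    return int(pid), api, args, ret


def detect_mbr_writes(trace: str) -> list:
    drives = {}    # (pid, handle) -> device path of an open raw-disk handle
    offsets = {}   # (pid, handle) -> current file pointer on that handle
    alerts = []
    for line in trace.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        pid, api, a, ret = rec
        if api in ("CreateFileW", "CreateFileA") and DRIVE_RE.match(a.get("lpFileName", "")):
            drives[(pid, ret)] = a["lpFileName"]   # returned handle
            offsets[(pid, ret)] = 0                # a fresh handle starts at byte 0
            continue
        key = (pid, a.get("hFile", a.get("hObject")))
        if key not in drives:
            continue                               # not a raw-disk handle
        if api == "SetFilePointer" and int(a.get("dwMoveMethod", "0"), 0) == 0:
            offsets[key] = int(a["lDistanceToMove"], 0)       # FILE_BEGIN only
        elif api == "SetFilePointerEx" and int(a.get("dwMoveMethod", "0"), 0) == 0:
            offsets[key] = int(a["liDistanceToMove"], 0)
        elif api == "WriteFile":
            n = int(a["nNumberOfBytesToWrite"], 0)
            start = offsets[key]
            if start < SECTOR:                     # write begins inside the MBR
                alerts.append(MbrWrite(pid, drives[key], start, n))
            offsets[key] = start + n               # WriteFile advances the pointer
        elif api == "CloseHandle":
            drives.pop(key, None)
            offsets.pop(key, None)
    return alerts


if __name__ == "__main__":
    for hit in detect_mbr_writes(TRACE):
        print(f"pid {hit.pid} wrote {hit.nbytes} bytes at offset {hit.offset} of {hit.path}")
```

Extending this to real traces means adapting `LINE_RE`/`ARG_RE` to the sandbox's export and adding the `NtWriteFile` path (explicit `ByteOffset`) and `\\.\PhysicalDriveN` opens via `NtCreateFile`, which the constructed format omits. Offsets beyond the first sector on the same handle are deliberately not flagged here, since partition-table tools legitimately write elsewhere on the disk.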

MITRE ATT&CK Enterprise v6

Tasks