5f5b9df47218f573d370f63196a1a99881d56e336a549559523af17e27dafe21

Sharing

Copy URL

Twitter E-mail

General

Target

5f5b9df47218f573d370f63196a1a99881d56e336a549559523af17e27dafe21
Size

29.3MB
Sample

221125-26qexsgg5y
MD5

1780d3665b6c2ea6d37cfab78803b7d1
SHA1

0f89ae020460dce180d13696458a09dcec066e80
SHA256

5f5b9df47218f573d370f63196a1a99881d56e336a549559523af17e27dafe21
SHA512

a05a85fd303485211f0d82fc4e91473cff1e0a5685293e9c44dfb1e9d598a6cb54efebf6df6192cd0e794e2caefce311c74bdf24983391a08bb7b17ff2301a58
SSDEEP

786432:kw1mLggds929QAQ3XTF3JID1LJ9HNsyBVX2EROYkNMyl/:kw12ZCTAJd9HNTzX23NMY

Score

9^/10

Malware Config

Targets

- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/67pp-3K测试登陆器.exe
- Size
  
  2.8MB
- MD5
  
  b6c466174e0ab95310b88409bdc5f72f
- SHA1
  
  5c832c7057b5a54afdb0c43ac97421e857bcb255
- SHA256
  
  14c2ed0f38eb2c80917859f745eb2f70974406398f121eb8e931cea73fce7bf1
- SHA512
  
  cb7f8ddbf4193258180af6822fe01d144f90921c10db220f169c993f561742de4009e3a2973d9e4cf1b97d81b089d359f0ee58ab1a3626e7ee3b77844586bc2a
- SSDEEP
  
  49152:gh4cI8kW0JfWJfO2RvcpG5uB7GuF/GqqLot5cBkAnmcjcCJREIdke:gScI8wufO2RcSulF/GoUBtvACL
Score

9^/10

bootkit evasion persistence spyware stealer trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/67pp.com服务端下载站.url
- Size
  
  129B
- MD5
  
  8927fabae1e46d7b3d948a837cdfd21e
- SHA1
  
  c42e64845102110b8705a49d57be49788f057a6d
- SHA256
  
  08ec269404e0fdb85cde001220db761c26785dcab77b1a3aac4f5830af9b7f89
- SHA512
  
  c2d7615c970aebcae777a2bb3c796f2b9e85a650a22247d598c3d83ae657c3c0f7df709459e50cef4a514478545bd0233d619e7726d412e27199091a60435333
Score

1^/10
behavioral3 behavioral4
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/DBServer/DBServer.exe
- Size
  
  485KB
- MD5
  
  09339d8bf1c5891db81737c22dfb9dc0
- SHA1
  
  88f86c6195a3fe12e40250287031e3203d93b0fe
- SHA256
  
  43fce1808e399bcb2a35cb7d9c18a3c44df01c0e3bf3e2d1cc69b459c0782ed1
- SHA512
  
  5a83f287b53540cb877eb2185be89401838c4959c1fc5b2cf6eefb0ffc93424b16c4f0c3e15af7157d00793ce9f2d97864b7418d36f477816d8e5608baf72bc8
- SSDEEP
  
  12288:sYxJQY+YdZR4gFfzqjldvP8zasz/Ct8mQWtmQ2go:XxCY+i7TfSFvQC+tW3
Score

1^/10
behavioral5 behavioral6
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/GameCenter.exe
- Size
  
  508KB
- MD5
  
  1ed1c217b9687078ae3d6a0fee0d45c2
- SHA1
  
  5c1f3b7af2ba906d4bece854e37364142d5e420b
- SHA256
  
  e231b72ff94084ce3d98f7c9f9b98824e437e90fd1469922a4fcbbc2e35f768c
- SHA512
  
  c12f909f386780c3583a7d73626a069089f2f0e41bc6e5683add66cc19fdff7eac0d3e49e31fd23c07e7a776f5eabb907dcf88a1b1670226c79bbadd141f4dc9
- SSDEEP
  
  12288:roNFBhCGm1Godt78LxLNk6tW9eWILhDwtXg5KpeQZ0772bpth+p:roNXkGm1RdtYLxo9eW8Dyg5KpD0nuptw
Score

1^/10
behavioral7 behavioral8
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/LogServer/LogDataServer.exe
- Size
  
  383KB
- MD5
  
  64cf2cfcd2503c486e6957a569c0dc76
- SHA1
  
  77592007a54ece0327df90a7096f27652e9cd665
- SHA256
  
  dcee4f53b38c5424ee128dd153a47d4e1d8086ca90f2c1fab4be29bc8ca02cf3
- SHA512
  
  96772724daf228701b434490963a3cddaf022634ad4048a1dc34d9f683f991e3b31adfde6599be23774343e48fdf82772170e0eebfa52487cf0e40df834a0a2f
- SSDEEP
  
  6144:QcZwt8EL8UgzFJJpOYTELbsu9IBXmv9gt722JqgrX2g8VAU/VFSOu7AtUlRMV3F:zZahYN3w4ZBKgdSgRyVFLrtUlRMV
Score

1^/10
behavioral10 behavioral9
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/LoginGate/LoginGate.Exe
- Size
  
  478KB
- MD5
  
  287822fe9e3f549096096de88311785e
- SHA1
  
  21a5cc4864b75ab3dc9991d97a54190179121421
- SHA256
  
  38ba97408b6c70b762b213e9965e9b3e7e3996a5f2bb434c1cac211c21eaa71f
- SHA512
  
  b01db3c10ebd235dc1463bb76fd25b8e3fc34723dd7d68d8417e3c08e3c0783ee92d0c7b4b696c81da803c5a8462f7955c3136aace6f9a77542d5a48ee7a9b97
- SSDEEP
  
  6144:XZoP97SjzGob2VF68G3c71W6q7oUdkrZ0O0NZlYWdnytFbTT1OhjUSI5MvUqCy2w:mFK38FZWeP05YWdytlCASIeft2iWl7k
Score

1^/10
behavioral11 behavioral12
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/LoginSrv/LoginSrv.exe
- Size
  
  333KB
- MD5
  
  c07b785b690fb9dfa0b404c6e69a7001
- SHA1
  
  b236a4720d6ac9426f40195fa5619a8c6eb24fff
- SHA256
  
  27f4d216da33de9541a9e30702caa1ffeb68ca6e3e904382d3f8b1aba79e27b1
- SHA512
  
  47a0904d5d7a2143795e41ed7e6b8efd6e2816f502748921d0f3dbf53bd5d83ba041926b0e458aa5f3423f3752c6454074af9d8b9189138a1e9ac04946cd493e
- SSDEEP
  
  6144:LOzLPjdf+/66Z5TsfkRumVMPz3apGeAyx8WXc5FshwBWJg6djNVYmxtu+:LOz/t+/phckwJr346eCF9WZNntu+
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/Mir200/Envir/Market_Def/happy/快捷方式到南非球场-3.txt.lnk
- Size
  
  819B
- MD5
  
  c058473d1e8ef680db9ec317e10add2d
- SHA1
  
  325b2670d253ae0aed6f96878f63d033b07736d8
- SHA256
  
  39333fd9410ba7f2893d2632dcdd1018df5056331ed2976431ae2ba756bbbfdf
- SHA512
  
  f5d030e4668d33c574c5cd45a87d7db677a974661f8ea1ed3fa8ab4ee9fcf9b188fc9fdec82506383b6434777209ed78f5ae9fe6bf91a999de35cfa50173d943
Score

3^/10
behavioral15 behavioral16
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/Mir200/Envir/Market_Def/仓库NPC/免费传奇商业版本随便下.url
- Size
  
  174B
- MD5
  
  111101574f988bc38a3a90e656d85bed
- SHA1
  
  fb5e438f1f8c3549fc52ad4945ea0de0aa5f074c
- SHA256
  
  0868dfc3487f3c8e1ce92e1b7b1503ccaaa5650d5961fefe07c15ac751384202
- SHA512
  
  7f0880bc2ea93d300bd5f209d5956b47e8082dbfa533e948264a63a4e0128a1730f42e5c215d754c6dba82a534db30b64c405ceb1de3e60682f6f2b22587fa61
Score

1^/10
behavioral17 behavioral18
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/Mir200/Envir/Market_Def/仓库NPC/更多商业开区版本下载.url
- Size
  
  174B
- MD5
  
  111101574f988bc38a3a90e656d85bed
- SHA1
  
  fb5e438f1f8c3549fc52ad4945ea0de0aa5f074c
- SHA256
  
  0868dfc3487f3c8e1ce92e1b7b1503ccaaa5650d5961fefe07c15ac751384202
- SHA512
  
  7f0880bc2ea93d300bd5f209d5956b47e8082dbfa533e948264a63a4e0128a1730f42e5c215d754c6dba82a534db30b64c405ceb1de3e60682f6f2b22587fa61
Score

1^/10
behavioral19 behavioral20
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/Mir200/Envir/Market_Def/仓库NPC/版本来自www.gm670.com.url
- Size
  
  174B
- MD5
  
  111101574f988bc38a3a90e656d85bed
- SHA1
  
  fb5e438f1f8c3549fc52ad4945ea0de0aa5f074c
- SHA256
  
  0868dfc3487f3c8e1ce92e1b7b1503ccaaa5650d5961fefe07c15ac751384202
- SHA512
  
  7f0880bc2ea93d300bd5f209d5956b47e8082dbfa533e948264a63a4e0128a1730f42e5c215d754c6dba82a534db30b64c405ceb1de3e60682f6f2b22587fa61
Score

1^/10
behavioral21 behavioral22
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/Mir200/Envir/Market_Def/仓库NPC/至上科技论坛 www.gm670.com.url
- Size
  
  174B
- MD5
  
  111101574f988bc38a3a90e656d85bed
- SHA1
  
  fb5e438f1f8c3549fc52ad4945ea0de0aa5f074c
- SHA256
  
  0868dfc3487f3c8e1ce92e1b7b1503ccaaa5650d5961fefe07c15ac751384202
- SHA512
  
  7f0880bc2ea93d300bd5f209d5956b47e8082dbfa533e948264a63a4e0128a1730f42e5c215d754c6dba82a534db30b64c405ceb1de3e60682f6f2b22587fa61
Score

1^/10
behavioral23 behavioral24
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/Mir200/Envir/Market_Def/仓库NPC/至上科技论坛.url
- Size
  
  174B
- MD5
  
  111101574f988bc38a3a90e656d85bed
- SHA1
  
  fb5e438f1f8c3549fc52ad4945ea0de0aa5f074c
- SHA256
  
  0868dfc3487f3c8e1ce92e1b7b1503ccaaa5650d5961fefe07c15ac751384202
- SHA512
  
  7f0880bc2ea93d300bd5f209d5956b47e8082dbfa533e948264a63a4e0128a1730f42e5c215d754c6dba82a534db30b64c405ceb1de3e60682f6f2b22587fa61
Score

1^/10
behavioral25 behavioral26
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/Mir200/Envir/Market_Def/传送/免费传奇商业版本随便下.url
- Size
  
  174B
- MD5
  
  111101574f988bc38a3a90e656d85bed
- SHA1
  
  fb5e438f1f8c3549fc52ad4945ea0de0aa5f074c
- SHA256
  
  0868dfc3487f3c8e1ce92e1b7b1503ccaaa5650d5961fefe07c15ac751384202
- SHA512
  
  7f0880bc2ea93d300bd5f209d5956b47e8082dbfa533e948264a63a4e0128a1730f42e5c215d754c6dba82a534db30b64c405ceb1de3e60682f6f2b22587fa61
Score

1^/10
behavioral27 behavioral28
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/Mir200/Envir/Market_Def/传送/更多商业开区版本下载.url
- Size
  
  174B
- MD5
  
  111101574f988bc38a3a90e656d85bed
- SHA1
  
  fb5e438f1f8c3549fc52ad4945ea0de0aa5f074c
- SHA256
  
  0868dfc3487f3c8e1ce92e1b7b1503ccaaa5650d5961fefe07c15ac751384202
- SHA512
  
  7f0880bc2ea93d300bd5f209d5956b47e8082dbfa533e948264a63a4e0128a1730f42e5c215d754c6dba82a534db30b64c405ceb1de3e60682f6f2b22587fa61
Score

1^/10
behavioral29 behavioral30
- Target
  
  最新1.85神龙合击服务端.巴山骊王.血葬通路.至尊城/MirServer/Mir200/Envir/Market_Def/传送/版本来自www.gm670.com.url
- Size
  
  174B
- MD5
  
  111101574f988bc38a3a90e656d85bed
- SHA1
  
  fb5e438f1f8c3549fc52ad4945ea0de0aa5f074c
- SHA256
  
  0868dfc3487f3c8e1ce92e1b7b1503ccaaa5650d5961fefe07c15ac751384202
- SHA512
  
  7f0880bc2ea93d300bd5f209d5956b47e8082dbfa533e948264a63a4e0128a1730f42e5c215d754c6dba82a534db30b64c405ceb1de3e60682f6f2b22587fa61
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Identifies Wine through registry keys

Reads user/profile data of web browsers

Checks whether UAC is enabled

Enumerates connected drives

Writes to the Master Boot Record (MBR)

UPX packed file

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32