General

  • Target: 1379fd67588484b8817a50e5fdfb37ced156e44b3a4f0fdd466409e481733ef5
  • Size: 5.5MB
  • Sample: 221125-2lt8dacb79
  • MD5: d19f0b0df915fd9d4d0a965ab331d703
  • SHA1: 576b429ad4e43f863ecb9c57258cd678dd820a91
  • SHA256: 1379fd67588484b8817a50e5fdfb37ced156e44b3a4f0fdd466409e481733ef5
  • SHA512: abfb3c5c5ac5ab20bfc85c013dc0efa5e66e73077aec6433bd987a539b9ded4b9f5f4416fe4a020bb791430a444dcd658a28f2dfe067450b82ec14c9bddad3a1
  • SSDEEP: 98304:8KKoGiGPtEwVlnccihKE7nR7ZfKX57CEWIz9O3b4tLhsjq497qWZhv3V7ATTsXZV:pKolYVcdZnr4CEWbkRhsjq4RHd3VNZkO

Targets

    • Target: ʹ֮/CrackCaptchaAPI.dll
    • Size: 1.3MB
    • MD5: 6046edcc5db052bea9e7e6d2f2e869b1
    • SHA1: f9efa2ff06eb664a0a3e9f2c53bc1c538c59b590
    • SHA256: 07b407b9344bc636a5595493f4bef9e66a3e0f14d6557c3a2a979a400670235c
    • SHA512: fc6340b7a795566126da4efe6228a19eb36ee22e35323ad892289a62481ed414f1486a64c770bcb53ad6d8967363d81da91839ddd2a11c1dfb1e72a51a9bd8a8
    • SSDEEP: 24576:An6WrvFhoN0oXr2HbAR4rMuwKc3QC5fexfduH2FRNEpzvKdYu2TB3DEZ:APNet4PWQC5yluHQuzQYTTFIZ
    Score: 6/10
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target: ʹ֮/Update.exe
    • Size: 72KB
    • MD5: 9039cd52b7ea11f7c234befb1d277ff0
    • SHA1: 37c678fe5c183068fffdb0d928c4d8abd5afce71
    • SHA256: 33430fba30b8b96b2357dd38ee1061996674e7ec93918d975f5382f92188bc36
    • SHA512: a04706fe5a05e08ac3a4ddf886c0ecf8d5413aeca15ba74ddaf1d3d03f4ad16cf72efc4de52073e2c96f57aaa0af76f3d1250af8c114444593db72f9b8661084
    • SSDEEP: 768:4aeMRqC9aLgaQBxVK14+0eBKqxAGREv0s4qenL8ZdBw76kPlnxk/bP34wYq79tW:4a7RqCMLgahD07yev0hLIbkFUPDYAtW
    Score: 1/10
    • Target: ʹ֮/VAuth.dll
    • Size: 204KB
    • MD5: c40453613720f82ed07058b0c336ceae
    • SHA1: bec37046da533adfd79a4db3de00c93198b30e36
    • SHA256: 6d9fae2f550391d6510523ec443278be45a62178e87de0bf644d22f0c4a40d91
    • SHA512: eacf9b084adbbfb1f4cae7a7966982d98b0578a5aa9905237c73ec9491b898ba38d75b360993d8c6439b548660ea514c8de2f684f4a10e3c0cd1b1a7df973df8
    • SSDEEP: 3072:Qme1GvjCRltauHGw87EtG5uJtYXdGpdzEwpYaEpMc91+7atMnQ:cuCn3y7EtGGGdGph7pYaEpZ1+3n
    Score: 8/10
    • Blocklisted process makes network request

    • Target: ʹ֮/dts.exe
    • Size: 1.9MB
    • MD5: 324ef22cedafcbc9f513fec29f491377
    • SHA1: 46eebe031d5ba4aab29c9832135025f11b2e8839
    • SHA256: d4e739ed5cfe95b59b43b9c1bedf6d608f568d90d016f50d644a4b92189d5688
    • SHA512: 37cd424f0802c74b4f73d2ad0a46bf49845ed4b5047dcfbfc1e2c0c5698eb42efcb0f8fa1a7a4ef65b147afbaca4293c8ab0cd53bdfcde889436d151bcff89a6
    • SSDEEP: 24576:u4gbghywByh3SCKzmPvuUFjPS7kY25Jqa9mrI67j9DVibgvyKE7jh4T:ubbgE75kDtDYcvyKEB4T
    Score: 8/10
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: ʹ֮/hook.dll
    • Size: 780KB
    • MD5: d689f4979d99dc5627c7b28c57c24a52
    • SHA1: 70b153e20e1b21807b76a0af57e55a4c3ef4c688
    • SHA256: 96305bd113673cab2dcc7180997b4500235bb509fb68c144535401c6510a8332
    • SHA512: 95d20816fa0d21354c5c6303ebe246add92c9f8bb8628106f2c6099013a97451f5e9a0356cfc14332ebe53f94e06e77f4deabac8feb4677b5d8ebf02a885e24e
    • SSDEEP: 6144:ipUM6WA/ODBnKApJuyvNmxBnutFatR5EVFMNjM6sF7/Ts/IzemYRX/9QvCKXxaPS:ipYWDBnKggI2QzKEFwj6Bo/Y3m96G3K
    Score: 8/10
    • Blocklisted process makes network request

    • Target: ʹ֮/test.dll
    • Size: 804KB
    • MD5: c578b6820bda5689940560147c6e5ffc
    • SHA1: 922e50d89c9c44bdc205ef17aa57212b64e58852
    • SHA256: 3b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389
    • SHA512: 9f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85
    • SSDEEP: 24576:3rhlxaCsVb6KoTpZCFg6DTk1F2RjkjCQG:VWCsVb6KUpZ+hDg1F2d6
    Score: 8/10
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: ʹ֮/ƶ.exe
    • Size: 1.9MB
    • MD5: 91c5458de692794b06f4a9325d05d54c
    • SHA1: 57a6bb11434383fd92c84337672035db16c451a3
    • SHA256: de3a14f92fac837c5e7017a694de2583efeea11d514c78cec3d8dcc43742386d
    • SHA512: 4ffd77afc3d71001f80b991c38a487ccfa7a72f342d493ee17af0036defbbc606340c015a6f4cc5745bc4d7c21c1926ea7f5a060df1ade2ef594b140b78fc641
    • SSDEEP: 24576:eABVT3dYPhwBC+vzC8ZgwC0PtdrGd6ppOTEwb+KeZQgw/bPg+IYYljK3qOTUPQC+:eYd2hwBC+vzC8Z/LrGcpEmM3qOTMdtL
    Score: 9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Identifies Wine through registry keys
      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: ʹ֮/ƽⲹ.exe
    • Size: 672KB
    • MD5: b886e38d94fdcd72b00b779c65eb23f3
    • SHA1: dcb6f22350762df904843f535823d6f950cdbcb9
    • SHA256: d65a42c9288c8099eca1957c95f90a13b66a4570d3be571179ab27f3caf2bf58
    • SHA512: 37aa34e17efc2a20233dcb8366b86d2c80425b9235fb5a3a764f764268666e2ca4496958643a6c4d922611001fe96da95cee961576362702de44fa4de3ec3c87
    • SSDEEP: 6144:Gfk2ENShAA8Pf7Yweump1L0k4EvKB2au8+yKd9iI0qV9MsbwP018HAemY7qs0mBn:GfkbNXPf7YfumpVLF8+d4IfR5CHhmYqw
    Score: 1/10
    • Target: ʹ֮/ֶɾ.bat
    • Size: 20B
    • MD5: 2c46a2848d67aaaea8b606fd29ea8792
    • SHA1: 9df6b24a7e38aceca70bce2824d60e4beda89329
    • SHA256: d330af5b7a6657228149926f857c36d9f74c111a4e264f469381b6c8a437dbe3
    • SHA512: 49ae52a8e1b99096831641d9e519268ad996b5eabfb3e649466c6c5459a2f6956bd9f9d231edb4e7dd66f4757aa3ae8774e4fb27f62742af2a9bfd381095ed90
    Score: 1/10
    • Target: ʹ֮/ֶע.bat
    • Size: 17B
    • MD5: 024ae6ee0a93dc9298e272b75022908e
    • SHA1: d9fad8bad31c9a5a1c0a725ee5a9b2af021d2433
    • SHA256: 38aa3d96459d6b7feb36e637564c4c75c1c1a2c186139dbb1c5e9600f95a81ce
    • SHA512: a642e0453281881b30c04d25d08366a5246d86582f481afa3bb28627aa8ef15745ffbb3f2210ae03539f7ff55d2a0b2a8ced45f1abf87e8ba5d5bb3087600334
    Score: 1/10

MITRE ATT&CK Enterprise v6

Tasks