Overview

overview

8

Static

static

8

2014年全...��.url

windows7-x64

1

2014年全...��.url

windows10-2004-x64

1

Crack/Game...me.dll

windows7-x64

8

Crack/Game...me.dll

windows10-2004-x64

8

Crack/Game...er.exe

windows7-x64

1

Crack/Game...er.exe

windows10-2004-x64

1

www.3dmgame.com.url

windows7-x64

6

www.3dmgame.com.url

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1141efed74f2c12a1a6d871ae4594afe69f1bc60be9177039b8beb1e6723a89e

  • Size

    1.0MB

  • Sample

    221125-2mnrzscc39

  • MD5

    b0bac627c7a08f3dcb3475f02b71cf00

  • SHA1

    37401c3187d6254f16e4678307a5c5b52be7a826

  • SHA256

    1141efed74f2c12a1a6d871ae4594afe69f1bc60be9177039b8beb1e6723a89e

  • SHA512

    745e166544486e4f3f0531819faac7e934a165139159ec4dca3b72d37fd44e923d14f6dd40292dd9d8cc2ee4c9fd1336b93661060c10f9dc4706be85ed60043a

  • SSDEEP

    24576:5L/D+yLPbg0sWU8nIB0tSk60aRkoZyb7aabH+pFjPR30dzqRPjDbHmXBvG710:5L/D+yLP1U8IyT60aWSi7aabHijOdzyo

Score
8/10
evasionpersistencetrojanvmprotect

Malware Config

Targets

    • Target

      2014年全部热门单机游戏及汉化下载.url

    • Size

      135B

    • MD5

      a29b31d598bace188d44a1a00dc49ae1

    • SHA1

      1e28bb441000742512fd60a7aeb27bb018e5067d

    • SHA256

      03de1ab3909bf16475265be54473b2dd8b525a43edb21d9c053e002748f171f9

    • SHA512

      225873d557ff6ab12a27f99d3fd0d43479fb0f0aaf63ee9a6a432607d5588faf10091ae5990bdb969c97d2f0e74a50110c7ba9d2ed652980721f72699e9f2923

    Score
    1/10
    behavioral1behavioral2

    • Target

      Crack/Game/Bin/3dmgame.dll

    • Size

      802KB

    • MD5

      582e9002cc3766b3cff02536b65c6bc4

    • SHA1

      91ed2700dbfdaa31b3bfebdfe42a82560839f79f

    • SHA256

      5bbd97293117378e8c8f12336be4b59e9bd00ce68d105094fe87a2de79d6792c

    • SHA512

      e2704748681bbc133f0b1b7dee0a83455ef83ca9611c29fd5311679846f96dce6a845480176a4904a1e20a426b7407d596622afc0c188e2e8945a837faf3739e

    • SSDEEP

      24576:ENiiIr3+x4WzRid6vJSqwduCX8YwfHOPucs0aT/H:ENGDsR1csCsYwfHOj

    Score
    8/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral3behavioral4

    • Target

      Crack/Game/Bin/The.Sims.4.Launcher.exe

    • Size

      503KB

    • MD5

      260874317fdfd3e651782ce92f308acc

    • SHA1

      97102fa8bbe4f5cd5a99b961cffe4cbfe2e60940

    • SHA256

      ca389136613d579ece97f2d4775f86cd11d919b99adcdb4145ba686e2cda13c2

    • SHA512

      a007dfb764226180f10b96b5433121d2a55cf1e3b751c73f99742e6c58d28c76676c2543681dd39e3a94a486d251ef6b88d20b87e538de56e9ea1437d5a7a439

    • SSDEEP

      12288:LR52ZS10kzeMRyko7vasOeJ+joEkw9Kawv5ad+WYkj:V52ZI0YyrauJcoEkqvwvw2kj

    Score
    1/10
    behavioral5behavioral6

    • Target

      www.3dmgame.com.url

    • Size

      122B

    • MD5

      49cbfed4fa9b3fafdc9d499b6163fa62

    • SHA1

      28decd9138bd3f7b3ef38bf9e40cd0d6305d1cdb

    • SHA256

      03df27e82600098c34c413cc2e45b43638d3ac33666960cfbd913f1c3f9a0b11

    • SHA512

      64e91ed564ef64d7687599012c4728b811fec2661dcb7941374cdd3a8450563073c67c452d97d43545f49182fbda2c26702dd35088723ace21717282d1233627

    Score
    6/10
    evasiontrojanpersistence
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks