General

  • Target

    da9e56c2024fe19b1c9cc48154fc21cb559a9af23523963cb5471ec612eab8e5

  • Size

    739KB

  • Sample

    221125-2x3nwsgb21

  • MD5

    e064641d44e060ada02230fae6cd3e0c

  • SHA1

    6d4bb5f7acb81c1863a3aac4326b8242a9f3901e

  • SHA256

    da9e56c2024fe19b1c9cc48154fc21cb559a9af23523963cb5471ec612eab8e5

  • SHA512

    65b5d4e73c0c19225d294c9346048ce95b79bd09edd23b8c15e92983d22fbc9fa17d29a72c0148d4ce3f179ac5ac6b91238492bccc68f6e68e987297beea1936

  • SSDEEP

    12288:qxaiOsMTO9CowyblvhU3J1iwd/ZrP6z+ilzgzXAVOKkNVGBYiTP2L:qxUst9CVkl5c1iwd/lctVVO3QxeL

Malware Config

Targets

    • Target

      1001下载乐园.url

    • Size

      194B

    • MD5

      34b8b1c2cb71513650cab8e89d35d38b

    • SHA1

      8780483b8a6e47bc80e94a33f2fd801cab078e57

    • SHA256

      4af83175edf5a30c203679097ee12cf109e3f8217e41898224735ce3046a4d73

    • SHA512

      0775cd01d8832dafd25de5f7be589175e130ffab928bce7872c59adf50b6b63d623fc1a7f7271b067cda7a3d88415f320b69455035afb2a7fc208548b450b70e

    • Score

      1/10

    • Target

      EChartBar.fne

    • Size

      111KB

    • MD5

      c55a2f2a4eadd7b9d6dd69a285ba94c0

    • SHA1

      29896ead142ec1586c6679cbfad3b3915a0759e3

    • SHA256

      03e737400c0409bbda7f9a2c0c64de0ff66df611a2315b90264c0b502e38c37f

    • SHA512

      bedb6f148578b02dfe66c5f32d1161e0ec671d0ceeb9e04c95e73a038faef9f57395e424c325b32db65c3248e9bfd1f5b9c4531a3002cc4f349b5f2e8e369b7d

    • SSDEEP

      3072:l88MbWhkWun5ldiKaYacPqLMfeooE79neT4x7:l88M6k7dzPacPgK5

    • Score

      1/10

    • Target

      TrayIcon.fne

    • Size

      90KB

    • MD5

      8f3d81e200f13a005d6a8854cb196e0a

    • SHA1

      22528752af1077b8466f3cec7828c1c4a047e2e0

    • SHA256

      9584c3ac7e5122d4d547b7b6cfbd9ee7931667334ff3a90a0e2a765825904ca3

    • SHA512

      f646c8245e0ca0b253838788bbd9725d138321fb864f097f791e8c7bfae5690b2f539fccb80a58119e7ff8e9e963ad8b45e1cdd05fab600b0de519e09a75260d

    • SSDEEP

      1536:m54Wdjz/4flqNW1LmJN1AI/2SYkLHLkwRdgpAab4ko6nOKUrr8n6XoDZf7qxuZw:Q4WKMNWpmJNYSf4wiAa1o6nOT386Xouu

    • Score

      3/10

    • Target

      eAPI.fne

    • Size

      312KB

    • MD5

      64aefef610718b294203ae2956254c01

    • SHA1

      c8ef50708bec760f0f9683d21f9cdb3456298b0f

    • SHA256

      d072e1f656b1eb28f392739aaa35d1c9d665c71b757c7f06115915d233fd639d

    • SHA512

      11f6cb8fd4d4826a0b27922cdada2dd5179f9e927fb2303677684bfcf089b3a756cbcc0e3c6d9517e2daeb82880cc2af2fc27d0e30e171288c5fb6af26ec26df

    • SSDEEP

      3072:QVBuza6k99TrJeRA3iO3iL24Qf5JQ3vWjWHpcE7x8rADTDA4W0kJPoFwfVGrFwQH:QVwza6E9TYqy9QB0OILXaVWwQ+5odS

    • Score

      1/10

    • Target

      krnln.fnr

    • Size

      1.0MB

    • MD5

      a97880e00e1102bcfd7ba34771eced8b

    • SHA1

      e6c631f22db689cb351e17dea9691eb460dcb3b3

    • SHA256

      6b2a9a59920baefd2bd9c3da82bcf0405b2c56c7fd664e74eeffaefbee55afdf

    • SHA512

      70132880538c26b0d40df23fbaf4fb1e4010e60fc9983077cfc6f7a38f7d16118efcae197cc45232b210089371428b4c102620ee783db0881f6d8be2173b66b4

    • SSDEEP

      12288:G7EeVXIXJrSuAFGA+3EgDYRx4Wwp1dt8dbA9iTaVHHWntQKcB9IHy7Y:qXQJrStDSESYwW81d398aVHIGHIHy7Y

    • Score

      1/10

    • Target

      main.dat

    • Size

      9KB

    • MD5

      523d5c39f9d8d2375c3df68251fa2249

    • SHA1

      d4ed365c44bec9246fc1a65a32a7791792647a10

    • SHA256

      20e3dc90a3e83b6202e2a7f4603b60e5e859639cb68693426c400b13aaeabd78

    • SHA512

      526e1bba30d03f1ac177c6ab7409187a730969c429cebef15da68ffcf44b3b93227781eebc827b2f7a0fa17c391e00a0e532263fd0167aeaeb0456f96cfe3ae4

    • SSDEEP

      192:8g+i1VkHYXYxKTUtmPeQpLMFnlI1cTtYiAxHbDq/MR9tpL2OMoUwGCfpAGdDeqVs:LLXYxKTUtmPeQpLMFnCQHAx7D0MnKOMJ

    • Score

      1/10

    • Target

      xplib.fne

    • Size

      44KB

    • MD5

      42b2b31c7bcfa78ce4c9b6a5774b13d3

    • SHA1

      adf05e17dee611483953c05e1fc773de21069b6e

    • SHA256

      ee1b367fac5bb8b974d0c3ac84711d420efb0d2e7815122891be9406f1033859

    • SHA512

      79d3486f90c9cee653ab4e75a5a627de6d0fef990cfca8cd471aae830d4bf6593910bbc318792227388756e772e6bbb61aa0c6946a535bca99b57aeb141329b1

    • SSDEEP

      768:8aN5cLRdtjnf4+BvrtgQTQmrm9v8ni5Cu3Sob+q:3NqLRdtjnuQTQmq9kiaoT

    • Score

      1/10

    • Target

      yhzj.exe

    • Size

      50KB

    • MD5

      88b39d09645aa838387fc95670aa36c6

    • SHA1

      e16f50586abf4e6857c8537b23ddd0a45a9a25a2

    • SHA256

      53d880178a910f1ed651139ce5c869dd215e2f309718a7295612131b608bcab6

    • SHA512

      6c74f37c961782ceb6da599fd8ee64432c9f8cfa19db17827bf0955224b3d2c2dc9ffc7188984915e57d436d083e2acdc28e8c06e97941c127766a3bd1174f63

    • SSDEEP

      768:Ka1aKW+gwxMvEGiCuBEPKTBZGgV6zBIx7QEHzEaUxCCKsPa4TaDIv8dP:Khxo4E3196zMpHwACKG+I8P

    • Score

      8/10

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    Peripheral Device Discovery (T1120): 2

    System Information Discovery (T1082): 3

Tasks