7adad9ddbb7d2a67850f7eb3939b7bb3982ec79d842973539f0101a0e75a5294

Sharing

Copy URL

Twitter E-mail

General

Target

7adad9ddbb7d2a67850f7eb3939b7bb3982ec79d842973539f0101a0e75a5294
Size

24.3MB
Sample

221125-3y9z2abc2s
MD5

c029c38a1e692f46d6a210849d08e9d5
SHA1

204f33e7367d20cc5d7d440e9166c284dc006bbe
SHA256

7adad9ddbb7d2a67850f7eb3939b7bb3982ec79d842973539f0101a0e75a5294
SHA512

735bfb1a8a157220c0a19d542318621e3a41b3c950a7919337a83f0fa282d5a8a7b43d3b7c4dae3b140be4eaa717bf9445a4f079d9adb2952773e9c714df9836
SSDEEP

786432:k1vrNXw93SqYpH8bKt7PvD/KS19fVfGV9V+mki:k1vpGSqfbgPvzuV+e

Score

10^/10

Malware Config

Targets

- Target
  
  MirServer/DBServer/DBServer.exe
- Size
  
  382KB
- MD5
  
  d7a8eec0e18be329c93bd2095f0df1f7
- SHA1
  
  f2b90bd2c0013ee4a518ad130bc481606dd9e3f1
- SHA256
  
  3cce2cb4ff76b4ff4362699003fde1375e82a05932794ba09f0809f287128922
- SHA512
  
  8719727a47803c95df24095aa7cd9c8af19223d6d59490117cc589c62ead8663583a35535bc7e8ea92dca40feba7c95958be7cf539319ed827564ebe8291a871
- SSDEEP
  
  6144:YFM/VTFE7hlI9yNgX8fIlEIS2qVUDA6rGafN8mscrEe0PyIEVqmQ5iJCJt6U3pRG:CMVe7hlM5lEZ6AhId0PtmGKe7p0q
Score

1^/10
behavioral1 behavioral2
- Target
  
  MirServer/DBServer/lpk.dll
- Size
  
  42KB
- MD5
  
  4d691ae646b320e04bc2f5db3c245eb4
- SHA1
  
  e55533b8f117ed5cf0248f633c0e7f69d5226df6
- SHA256
  
  ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
- SHA512
  
  39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
- SSDEEP
  
  768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  MirServer/GameCenter.exe
- Size
  
  267KB
- MD5
  
  935ed40f01658ce10baef215912a3422
- SHA1
  
  43042f9bd9586e3a0c41a6370c1cefbf198168fa
- SHA256
  
  eb81deb3a6676cb16d3f3520989b2fff5bcdd5a73dc145e42d4113fc1056c2ba
- SHA512
  
  a42feee8dad0801b84e481deaf57a11b476cc6f7d785860726211161c17e1e4033ae3017d9c562a58ed5885ad583c4ffe346bc19e9408d99fa8a641c00f6fd9c
- SSDEEP
  
  6144:YcERY7dT6CLL6jbX7f6OJbYLIQDeXZWifmjzo5:6mJeCLLEzjbYLzeJJfmzo
Score

1^/10
behavioral5 behavioral6
- Target
  
  MirServer/LogServer/LogDataServer.exe
- Size
  
  421KB
- MD5
  
  e8fae6abd9cfc6f32821f5c7366ea64f
- SHA1
  
  e18ba551f9ed5a258e6bb8efca394f3aff1cb246
- SHA256
  
  1926d958983a59b78c0a212b68e6fedcc24e8b920a41141fec5787f96fe023c3
- SHA512
  
  acf7ef1cf96c7a33fc1afb7943b842fed7bf9c7108f43af904fb60e3f485efecb94ca0f7cadd7010c3d513d97c494a618842dbdb29e6d9abc0881ff8e1b91098
- SSDEEP
  
  6144:Ndu1qC4u63IVhYKjrDx/YD9RT8ZFpG3Lk5BoXWTzNbTuqdYm2OwFnl:q1h4b3IVaqxivwFw7k5ltubNFl
Score

1^/10
behavioral7 behavioral8
- Target
  
  MirServer/LogServer/lpk.dll
- Size
  
  42KB
- MD5
  
  4d691ae646b320e04bc2f5db3c245eb4
- SHA1
  
  e55533b8f117ed5cf0248f633c0e7f69d5226df6
- SHA256
  
  ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
- SHA512
  
  39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
- SSDEEP
  
  768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral10 behavioral9
- Target
  
  MirServer/LoginGate/LoginGate.exe
- Size
  
  1.0MB
- MD5
  
  0efc550e000028fb8ee442366371cf13
- SHA1
  
  1367f081aab38a93d7419211d573b70fd9cb697f
- SHA256
  
  2adf95f3a52c1d8ae9c3719fc83c19fef148f263438bda85e349151f9c928272
- SHA512
  
  dd43699b02f7a47a2a41539f4b12f436966687dd6803075a69431998e0ee6057d043e85105c0143aa57ebdde4c4ebe10b5ae09ea2202cf8adc90f71f87a2d534
- SSDEEP
  
  24576:m8uxGnM0RpdCvmTm4F6ONY0pOJrSrxWmAGf/x9M7T7TVvRgJ:mlp0IGCZkO7T5
Score

1^/10
behavioral11 behavioral12
- Target
  
  MirServer/LoginGate/lpk.dll
- Size
  
  42KB
- MD5
  
  4d691ae646b320e04bc2f5db3c245eb4
- SHA1
  
  e55533b8f117ed5cf0248f633c0e7f69d5226df6
- SHA256
  
  ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
- SHA512
  
  39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
- SSDEEP
  
  768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral13 behavioral14
- Target
  
  MirServer/LoginSrv/LoginSrv.exe
- Size
  
  246KB
- MD5
  
  7f5de1ca3a879695e175b4e4261eb5f4
- SHA1
  
  90f89b980c62e8de88fd4a880ede6117981b8139
- SHA256
  
  92c6dfa26a49ba334778a928b6f0a39b46d123a87a47e6f713d82b9d14f139f8
- SHA512
  
  febdebc98eb9c0d08a6c59fb7fce48e47dbb8a348203f2ead5f27d19deaf1e1bd337adce68a127bfb5bf322847b70351c65e82669ee4bc3fdf6211faf9154485
- SSDEEP
  
  6144:3CnpCPZNM9ouEX6zWiUvt61g+C88XQ5SGA+:3CV9BEqzZUvtL+rX5S3
Score

1^/10
behavioral15 behavioral16
- Target
  
  MirServer/LoginSrv/lpk.dll
- Size
  
  42KB
- MD5
  
  4d691ae646b320e04bc2f5db3c245eb4
- SHA1
  
  e55533b8f117ed5cf0248f633c0e7f69d5226df6
- SHA256
  
  ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
- SHA512
  
  39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
- SSDEEP
  
  768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  MirServer/Mir200/Envir/QuestDiary/16sky.com/ţţ/MSCOMCTL.OCX
- Size
  
  1.0MB
- MD5
  
  f7bbb7d79adb9e3adc13f3b3c33d3d4d
- SHA1
  
  cacb4b31d22419e6a9ddbffcf61ae42da0d5fb8a
- SHA256
  
  18a83d7a420a17fcb6f56eb3ba5362c975d32e5ded7553c6fd407f07bdb7b006
- SHA512
  
  4870ddbdf283d7f7f64d3f4bf556600a78804f6a94fc2ca7eb778e85d70b6d2d017aa35cbddf773b6a1b6d9a2813cd67fe54ede7859050a254a3e3c05616ae0e
- SSDEEP
  
  24576:mnt4M/pL1wAEIqSBanK6CC33VTj+1R8xRFLqqmbD1kWIAqPA:mPL15EIqS1e6q3FmKbt4
Score

1^/10
behavioral19 behavioral20
- Target
  
  MirServer/Mir200/IPLocal.dll
- Size
  
  167KB
- MD5
  
  bbf62130e7a5966a2b7b89411ad335c8
- SHA1
  
  9f6a0af9525cc6b6df479d3d511e06200571c1b5
- SHA256
  
  da61a728a96293d8d99db31d3843a68c3788fca93f630219adfab0e0132dde44
- SHA512
  
  52baf478f0dab1bb13e03b6ae47ea48b0cc329a35569cd78473e8c5eeefe0d6474b7ad720cbf90664fd140c9c76dcfdd92bcddee11c8b9c2488b5c114d7babf2
- SSDEEP
  
  3072:vqu/oVRpW3b2OQLOhRy7kCmRHnhAQPukkGfeDN/z2HS79BKyJcC:v1o3Ab2VLOhAehhN9vexb2HS79gyK
Score

1^/10
behavioral21 behavioral22
- Target
  
  MirServer/Mir200/M2Server.exe
- Size
  
  1.1MB
- MD5
  
  d195231bd76fae92717f768c8ce955a3
- SHA1
  
  27343d2ca343cc20b9cc50682cd62c9565924773
- SHA256
  
  16528c7c0a449d3dc3c569ae412886e579b8efe6ce4a27665175b113675f0a79
- SHA512
  
  3713df142b4cd2d53a80f91e79c5fd1d484e898d37855b47153c5e881eb18149e11c0fb1398b868f0ce5c45baabdc4694d16d6316a0f5d437b0ee20e817b9972
- SSDEEP
  
  24576:uvf+2nh9rbWn/L9re8IuRRxnPFfSyvsShagqNVYWtyH5n+:u3lwBrlIuRFlv3lgTIn+
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral23 behavioral24
- Target
  
  MirServer/Mir200/M2Server.exe.lnk
- Size
  
  2KB
- MD5
  
  91e32a2d00ecb5c9e4419ddd79ed0827
- SHA1
  
  fbca7979a0ddc7da037ac0695156a548d7c50716
- SHA256
  
  c6fe42da904289f57d58db41a5221ab265c971a96f3d1e282a04eddeebfe59f1
- SHA512
  
  8ddb3d6518ada91ed794b92b8a8946d928bfc85b4de0a87de693d5383307b82970719623e4eb4b084b809e2397a64e52eca151703ea36509436c04cdf1981318
Score

3^/10
behavioral25 behavioral26
- Target
  
  MirServer/Mir200/lpk.dll
- Size
  
  42KB
- MD5
  
  4d691ae646b320e04bc2f5db3c245eb4
- SHA1
  
  e55533b8f117ed5cf0248f633c0e7f69d5226df6
- SHA256
  
  ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
- SHA512
  
  39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
- SSDEEP
  
  768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score

1^/10
behavioral27 behavioral28
- Target
  
  MirServer/Readme-˵.htm
- Size
  
  2KB
- MD5
  
  f2a6a504c4cb797f79e3106308f94de3
- SHA1
  
  a7d1a768851cd1a28901a4f2cdbc4c8fe4587818
- SHA256
  
  894a0efcd35d56c800cdb80d7cc776c7c6026a2383b7e1c8c718ec53f01fdf94
- SHA512
  
  1c9b9f0dc4491c108aae2ad15e2f7beca77504165546c8a4d8dfe77f8a4adb2a306b4f7e656153a03fa0067cdea555879c68b9f12c079a484f09139e0939d3c5
Score

10^/10

phishing
- Detected phishing page
  phishing
behavioral29 behavioral30
- Target
  
  MirServer/RunGate/RunGate.exe
- Size
  
  953KB
- MD5
  
  65b08a01fe44c20870c080c29e598396
- SHA1
  
  d992c51fe8df4b96efe5b0e45c6e7a0b411b2f34
- SHA256
  
  5ef0df1563395ab90ecdda04cd75a86538c040a593389a3ec8cef6114e16c4fa
- SHA512
  
  9a1376f8dfef3963cbc729e720ccaba7363ecb525cab76cba25542d75802853e6bb70c6923afeaa27972470801d15ab16d908384d902ce282c18c4862d7bf680
- SSDEEP
  
  24576:Cl6dwWRiYh9nssF+LbqPyMADUKX92Fka/d+XOmd1qd4YX:ClJWRhLg6qXX8xmdoV
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Writes to the Master Boot Record (MBR)

Suspicious use of NtSetInformationThreadHideFromDebugger

Detected phishing page

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32