Overview
overview
10Static
static
8MirServer/...er.exe
windows7-x64
1MirServer/...er.exe
windows10-2004-x64
1MirServer/...pk.dll
windows7-x64
8MirServer/...pk.dll
windows10-2004-x64
8MirServer/...er.exe
windows7-x64
1MirServer/...er.exe
windows10-2004-x64
1MirServer/...er.exe
windows7-x64
1MirServer/...er.exe
windows10-2004-x64
1MirServer/...pk.dll
windows7-x64
8MirServer/...pk.dll
windows10-2004-x64
8MirServer/...te.exe
windows7-x64
1MirServer/...te.exe
windows10-2004-x64
1MirServer/...pk.dll
windows7-x64
8MirServer/...pk.dll
windows10-2004-x64
8MirServer/...rv.exe
windows7-x64
1MirServer/...rv.exe
windows10-2004-x64
1MirServer/...pk.dll
windows7-x64
8MirServer/...pk.dll
windows10-2004-x64
8MirServer/...TL.dll
windows7-x64
1MirServer/...TL.dll
windows10-2004-x64
1MirServer/...al.dll
windows7-x64
1MirServer/...al.dll
windows10-2004-x64
1MirServer/...er.exe
windows7-x64
6MirServer/...er.exe
windows10-2004-x64
5MirServer/...xe.lnk
windows7-x64
3MirServer/...xe.lnk
windows10-2004-x64
3MirServer/...pk.dll
windows7-x64
MirServer/...pk.dll
windows10-2004-x64
1MirServer/...��.htm
windows7-x64
10MirServer/...��.htm
windows10-2004-x64
10MirServer/...te.exe
windows7-x64
1MirServer/...te.exe
windows10-2004-x64
3General
-
Target
7adad9ddbb7d2a67850f7eb3939b7bb3982ec79d842973539f0101a0e75a5294
-
Size
24.3MB
-
Sample
221125-3y9z2abc2s
-
MD5
c029c38a1e692f46d6a210849d08e9d5
-
SHA1
204f33e7367d20cc5d7d440e9166c284dc006bbe
-
SHA256
7adad9ddbb7d2a67850f7eb3939b7bb3982ec79d842973539f0101a0e75a5294
-
SHA512
735bfb1a8a157220c0a19d542318621e3a41b3c950a7919337a83f0fa282d5a8a7b43d3b7c4dae3b140be4eaa717bf9445a4f079d9adb2952773e9c714df9836
-
SSDEEP
786432:k1vrNXw93SqYpH8bKt7PvD/KS19fVfGV9V+mki:k1vpGSqfbgPvzuV+e
Behavioral task
behavioral1
Sample
MirServer/DBServer/DBServer.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
MirServer/DBServer/DBServer.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
MirServer/DBServer/lpk.dll
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
MirServer/DBServer/lpk.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
MirServer/GameCenter.exe
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
MirServer/GameCenter.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral7
Sample
MirServer/LogServer/LogDataServer.exe
Resource
win7-20221111-en
Behavioral task
behavioral8
Sample
MirServer/LogServer/LogDataServer.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral9
Sample
MirServer/LogServer/lpk.dll
Resource
win7-20221111-en
Behavioral task
behavioral10
Sample
MirServer/LogServer/lpk.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral11
Sample
MirServer/LoginGate/LoginGate.exe
Resource
win7-20221111-en
Behavioral task
behavioral12
Sample
MirServer/LoginGate/LoginGate.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral13
Sample
MirServer/LoginGate/lpk.dll
Resource
win7-20221111-en
Behavioral task
behavioral14
Sample
MirServer/LoginGate/lpk.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral15
Sample
MirServer/LoginSrv/LoginSrv.exe
Resource
win7-20221111-en
Behavioral task
behavioral16
Sample
MirServer/LoginSrv/LoginSrv.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral17
Sample
MirServer/LoginSrv/lpk.dll
Resource
win7-20221111-en
Behavioral task
behavioral18
Sample
MirServer/LoginSrv/lpk.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral19
Sample
MirServer/Mir200/Envir/QuestDiary/16sky.com/ţţ/MSCOMCTL.dll
Resource
win7-20220901-en
Behavioral task
behavioral20
Sample
MirServer/Mir200/Envir/QuestDiary/16sky.com/ţţ/MSCOMCTL.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral21
Sample
MirServer/Mir200/IPLocal.dll
Resource
win7-20220812-en
Behavioral task
behavioral22
Sample
MirServer/Mir200/IPLocal.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral23
Sample
MirServer/Mir200/M2Server.exe
Resource
win7-20220812-en
Behavioral task
behavioral24
Sample
MirServer/Mir200/M2Server.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral25
Sample
MirServer/Mir200/M2Server.exe.lnk
Resource
win7-20220901-en
Behavioral task
behavioral26
Sample
MirServer/Mir200/M2Server.exe.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral27
Sample
MirServer/Mir200/lpk.dll
Resource
win7-20221111-en
Behavioral task
behavioral28
Sample
MirServer/Mir200/lpk.dll
Resource
win10v2004-20221111-en
Behavioral task
behavioral29
Sample
MirServer/Readme-˵.htm
Resource
win7-20220901-en
Behavioral task
behavioral30
Sample
MirServer/Readme-˵.htm
Resource
win10v2004-20220901-en
Behavioral task
behavioral31
Sample
MirServer/RunGate/RunGate.exe
Resource
win7-20220901-en
Behavioral task
behavioral32
Sample
MirServer/RunGate/RunGate.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
MirServer/DBServer/DBServer.exe
-
Size
382KB
-
MD5
d7a8eec0e18be329c93bd2095f0df1f7
-
SHA1
f2b90bd2c0013ee4a518ad130bc481606dd9e3f1
-
SHA256
3cce2cb4ff76b4ff4362699003fde1375e82a05932794ba09f0809f287128922
-
SHA512
8719727a47803c95df24095aa7cd9c8af19223d6d59490117cc589c62ead8663583a35535bc7e8ea92dca40feba7c95958be7cf539319ed827564ebe8291a871
-
SSDEEP
6144:YFM/VTFE7hlI9yNgX8fIlEIS2qVUDA6rGafN8mscrEe0PyIEVqmQ5iJCJt6U3pRG:CMVe7hlM5lEZ6AhId0PtmGKe7p0q
Score1/10 -
-
-
Target
MirServer/DBServer/lpk.dll
-
Size
42KB
-
MD5
4d691ae646b320e04bc2f5db3c245eb4
-
SHA1
e55533b8f117ed5cf0248f633c0e7f69d5226df6
-
SHA256
ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
-
SHA512
39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
-
SSDEEP
768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
MirServer/GameCenter.exe
-
Size
267KB
-
MD5
935ed40f01658ce10baef215912a3422
-
SHA1
43042f9bd9586e3a0c41a6370c1cefbf198168fa
-
SHA256
eb81deb3a6676cb16d3f3520989b2fff5bcdd5a73dc145e42d4113fc1056c2ba
-
SHA512
a42feee8dad0801b84e481deaf57a11b476cc6f7d785860726211161c17e1e4033ae3017d9c562a58ed5885ad583c4ffe346bc19e9408d99fa8a641c00f6fd9c
-
SSDEEP
6144:YcERY7dT6CLL6jbX7f6OJbYLIQDeXZWifmjzo5:6mJeCLLEzjbYLzeJJfmzo
Score1/10 -
-
-
Target
MirServer/LogServer/LogDataServer.exe
-
Size
421KB
-
MD5
e8fae6abd9cfc6f32821f5c7366ea64f
-
SHA1
e18ba551f9ed5a258e6bb8efca394f3aff1cb246
-
SHA256
1926d958983a59b78c0a212b68e6fedcc24e8b920a41141fec5787f96fe023c3
-
SHA512
acf7ef1cf96c7a33fc1afb7943b842fed7bf9c7108f43af904fb60e3f485efecb94ca0f7cadd7010c3d513d97c494a618842dbdb29e6d9abc0881ff8e1b91098
-
SSDEEP
6144:Ndu1qC4u63IVhYKjrDx/YD9RT8ZFpG3Lk5BoXWTzNbTuqdYm2OwFnl:q1h4b3IVaqxivwFw7k5ltubNFl
Score1/10 -
-
-
Target
MirServer/LogServer/lpk.dll
-
Size
42KB
-
MD5
4d691ae646b320e04bc2f5db3c245eb4
-
SHA1
e55533b8f117ed5cf0248f633c0e7f69d5226df6
-
SHA256
ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
-
SHA512
39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
-
SSDEEP
768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
MirServer/LoginGate/LoginGate.exe
-
Size
1.0MB
-
MD5
0efc550e000028fb8ee442366371cf13
-
SHA1
1367f081aab38a93d7419211d573b70fd9cb697f
-
SHA256
2adf95f3a52c1d8ae9c3719fc83c19fef148f263438bda85e349151f9c928272
-
SHA512
dd43699b02f7a47a2a41539f4b12f436966687dd6803075a69431998e0ee6057d043e85105c0143aa57ebdde4c4ebe10b5ae09ea2202cf8adc90f71f87a2d534
-
SSDEEP
24576:m8uxGnM0RpdCvmTm4F6ONY0pOJrSrxWmAGf/x9M7T7TVvRgJ:mlp0IGCZkO7T5
Score1/10 -
-
-
Target
MirServer/LoginGate/lpk.dll
-
Size
42KB
-
MD5
4d691ae646b320e04bc2f5db3c245eb4
-
SHA1
e55533b8f117ed5cf0248f633c0e7f69d5226df6
-
SHA256
ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
-
SHA512
39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
-
SSDEEP
768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
MirServer/LoginSrv/LoginSrv.exe
-
Size
246KB
-
MD5
7f5de1ca3a879695e175b4e4261eb5f4
-
SHA1
90f89b980c62e8de88fd4a880ede6117981b8139
-
SHA256
92c6dfa26a49ba334778a928b6f0a39b46d123a87a47e6f713d82b9d14f139f8
-
SHA512
febdebc98eb9c0d08a6c59fb7fce48e47dbb8a348203f2ead5f27d19deaf1e1bd337adce68a127bfb5bf322847b70351c65e82669ee4bc3fdf6211faf9154485
-
SSDEEP
6144:3CnpCPZNM9ouEX6zWiUvt61g+C88XQ5SGA+:3CV9BEqzZUvtL+rX5S3
Score1/10 -
-
-
Target
MirServer/LoginSrv/lpk.dll
-
Size
42KB
-
MD5
4d691ae646b320e04bc2f5db3c245eb4
-
SHA1
e55533b8f117ed5cf0248f633c0e7f69d5226df6
-
SHA256
ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
-
SHA512
39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
-
SSDEEP
768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
MirServer/Mir200/Envir/QuestDiary/16sky.com/ţţ/MSCOMCTL.OCX
-
Size
1.0MB
-
MD5
f7bbb7d79adb9e3adc13f3b3c33d3d4d
-
SHA1
cacb4b31d22419e6a9ddbffcf61ae42da0d5fb8a
-
SHA256
18a83d7a420a17fcb6f56eb3ba5362c975d32e5ded7553c6fd407f07bdb7b006
-
SHA512
4870ddbdf283d7f7f64d3f4bf556600a78804f6a94fc2ca7eb778e85d70b6d2d017aa35cbddf773b6a1b6d9a2813cd67fe54ede7859050a254a3e3c05616ae0e
-
SSDEEP
24576:mnt4M/pL1wAEIqSBanK6CC33VTj+1R8xRFLqqmbD1kWIAqPA:mPL15EIqS1e6q3FmKbt4
Score1/10 -
-
-
Target
MirServer/Mir200/IPLocal.dll
-
Size
167KB
-
MD5
bbf62130e7a5966a2b7b89411ad335c8
-
SHA1
9f6a0af9525cc6b6df479d3d511e06200571c1b5
-
SHA256
da61a728a96293d8d99db31d3843a68c3788fca93f630219adfab0e0132dde44
-
SHA512
52baf478f0dab1bb13e03b6ae47ea48b0cc329a35569cd78473e8c5eeefe0d6474b7ad720cbf90664fd140c9c76dcfdd92bcddee11c8b9c2488b5c114d7babf2
-
SSDEEP
3072:vqu/oVRpW3b2OQLOhRy7kCmRHnhAQPukkGfeDN/z2HS79BKyJcC:v1o3Ab2VLOhAehhN9vexb2HS79gyK
Score1/10 -
-
-
Target
MirServer/Mir200/M2Server.exe
-
Size
1.1MB
-
MD5
d195231bd76fae92717f768c8ce955a3
-
SHA1
27343d2ca343cc20b9cc50682cd62c9565924773
-
SHA256
16528c7c0a449d3dc3c569ae412886e579b8efe6ce4a27665175b113675f0a79
-
SHA512
3713df142b4cd2d53a80f91e79c5fd1d484e898d37855b47153c5e881eb18149e11c0fb1398b868f0ce5c45baabdc4694d16d6316a0f5d437b0ee20e817b9972
-
SSDEEP
24576:uvf+2nh9rbWn/L9re8IuRRxnPFfSyvsShagqNVYWtyH5n+:u3lwBrlIuRFlv3lgTIn+
Score6/10-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
MirServer/Mir200/M2Server.exe.lnk
-
Size
2KB
-
MD5
91e32a2d00ecb5c9e4419ddd79ed0827
-
SHA1
fbca7979a0ddc7da037ac0695156a548d7c50716
-
SHA256
c6fe42da904289f57d58db41a5221ab265c971a96f3d1e282a04eddeebfe59f1
-
SHA512
8ddb3d6518ada91ed794b92b8a8946d928bfc85b4de0a87de693d5383307b82970719623e4eb4b084b809e2397a64e52eca151703ea36509436c04cdf1981318
Score3/10 -
-
-
Target
MirServer/Mir200/lpk.dll
-
Size
42KB
-
MD5
4d691ae646b320e04bc2f5db3c245eb4
-
SHA1
e55533b8f117ed5cf0248f633c0e7f69d5226df6
-
SHA256
ddf7073e755dd661565e8eb7b892372dc48a55fde09b1f07cda6e47ce7f8d650
-
SHA512
39f83db56c34c7a7f6d8dab0d2b073447276cb94dfd52c678fbd7a858c33de490fb1249d8d8c55114494fd1f01d07ca43defa210cc6926159c3a51e0f6992699
-
SSDEEP
768:ZojY9PqwzZNfYoMQxcttCIl1GRPKjECdVojY9P9:smlXPgtZTxECdAmF
Score1/10 -
-
-
Target
MirServer/Readme-˵.htm
-
Size
2KB
-
MD5
f2a6a504c4cb797f79e3106308f94de3
-
SHA1
a7d1a768851cd1a28901a4f2cdbc4c8fe4587818
-
SHA256
894a0efcd35d56c800cdb80d7cc776c7c6026a2383b7e1c8c718ec53f01fdf94
-
SHA512
1c9b9f0dc4491c108aae2ad15e2f7beca77504165546c8a4d8dfe77f8a4adb2a306b4f7e656153a03fa0067cdea555879c68b9f12c079a484f09139e0939d3c5
Score10/10-
Detected phishing page
-
-
-
Target
MirServer/RunGate/RunGate.exe
-
Size
953KB
-
MD5
65b08a01fe44c20870c080c29e598396
-
SHA1
d992c51fe8df4b96efe5b0e45c6e7a0b411b2f34
-
SHA256
5ef0df1563395ab90ecdda04cd75a86538c040a593389a3ec8cef6114e16c4fa
-
SHA512
9a1376f8dfef3963cbc729e720ccaba7363ecb525cab76cba25542d75802853e6bb70c6923afeaa27972470801d15ab16d908384d902ce282c18c4862d7bf680
-
SSDEEP
24576:Cl6dwWRiYh9nssF+LbqPyMADUKX92Fka/d+XOmd1qd4YX:ClJWRhLg6qXX8xmdoV
Score3/10 -