Overview

overview

8

Static

static

CF芭比�...P1.exe

windows7-x64

8

CF芭比�...P1.exe

windows10-2004-x64

8

当下软件园.url

windows7-x64

1

当下软件园.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    329a25a596a6445ee94e5186d075dc17e2f37e0de64e13a5d170a87d4323f2e1

  • Size

    546KB

  • Sample

    221125-dk1rrsbc6s

  • MD5

    c3b63a92330dcf900911de4d47f77d0f

  • SHA1

    abd7e80304c4977362d3fd6274eac87e24cf017f

  • SHA256

    329a25a596a6445ee94e5186d075dc17e2f37e0de64e13a5d170a87d4323f2e1

  • SHA512

    e4f1bf98f65591a08ceebcadf69f020a9cb262264531062e26337332b9bf251ca38ca36c7c8cd9e9dcc128e8e096f2151322ff4b9cb28e5ed164646bc37c7d8b

  • SSDEEP

    12288:nmUOo+AKBtUbfaUXETTI/8LxcV6rydD1mjFCmY0D9AqKhghqPeNgJ:WA3bTXET08Lxu6ryJ1mjFCaAgde

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      CF芭比多功能版0403SP1.exe

    • Size

      1.7MB

    • MD5

      0721bc6496cbac2439116181fcfb1f07

    • SHA1

      1fae1bd4795a20331a31ce0d6c7e10d43449522f

    • SHA256

      d762d0626ee6f55b35c64ac6d967d17872939494063d65031c7f4d2674d3d945

    • SHA512

      55679ab7d278fa1f80950478fb41f9a6d3344f6e04ffc341435fa91b4990f5a78b4610bd474f9a2c00fc9f511bee79c79f9dfcb00e6f17c3a7d123a07bfaaf2d

    • SSDEEP

      24576:++i1xhYn/l2h9SarbVTwi/VXOkJmy7ujeNFmEFv4bEk7j:++uh4Gd3VTBdOOtmE14J

    Score
    8/10
    upxpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      当下软件园.url

    • Size

      191B

    • MD5

      bdcc801fa8403eaecc71f63b740915af

    • SHA1

      09c2f81338105d011694863280a76ea62a4e915e

    • SHA256

      cab4f112f7e56424a7a00e6b6235a81be1ea980c2bd6529be764037f29de2ce5

    • SHA512

      8af0b84bfd990c499b9bd7811d581f249c6b974bd13737468c05825cab019f340ca42d3a5ee4c54cfb79cfa60bf230058ada271fe49925a0b8aa7a191c13295d

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks