09238e013da42b83602ad3eabd759f980292e6208d0d67f95051e2b29893f9b6 | Triage

Sharing

General

Target

09238e013da42b83602ad3eabd759f980292e6208d0d67f95051e2b29893f9b6
Size

663KB
Sample

221125-fwve8sgf6t
MD5

66b7385938c5dd49bae67b1fa439db4d
SHA1

4c7860b8a2ec3676a5ec33cf0880ab0c8f106fd4
SHA256

09238e013da42b83602ad3eabd759f980292e6208d0d67f95051e2b29893f9b6
SHA512

66c837c98768a65aee402bafa6637684e247e15a5b6655b06d5b2575a1f406032c0a3f6b7684caa06ce1fca998b0a9638ce5e0c47fe412f3828f21e33fe24906
SSDEEP

12288:evxr7CgRWWmPOMEyAtACL7okarUaSvPUMWC7LD79zOyrTLQt5aGcM:sxregQWmOzySrL7ovr+vPUHChlrTUtR

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  SWZ-2.03/【520传奇】守望者加速2.03/GWH_d3d9.dll
- Size
  
  125KB
- MD5
  
  dbc0315bce54b4f4a6dd0b2527be1e92
- SHA1
  
  3747fbc12557ae456e0a5ab1367d368766befc5c
- SHA256
  
  c7b80c2adfcf778923fb8c91e749162f0bd948ea48c291130b2e9576181dd3f0
- SHA512
  
  4ba29478fa9dbb3802a3e5fe7a4517960bc586923ccf8a1bbac0308a92117c61f4ee9bea6d39fa3690a77d209217dee5967eafe0a8da8061a3ab229f2d9c3762
- SSDEEP
  
  1536:yfTuFJmuEHFRAg0JaQTvlw4LZM/T68ANKCRnC3g/Y6Z/+54arPiHu3y:yfTuFJmlc3iJCRCQ/PQ54aD
Score

3^/10
behavioral1 behavioral2
- Target
  
  SWZ-2.03/【520传奇】守望者加速2.03/GWHookMan.dll
- Size
  
  221KB
- MD5
  
  2c888c17546bcb8d00f31708e4f2063b
- SHA1
  
  16eed93cf69c986d2f7d2086f83df8e69cc07497
- SHA256
  
  6b28948d9e4c4a3abf3e638d7f2dd58b2061936ef7667525855d76e5024e7839
- SHA512
  
  30e729196d51527b4e4a66ab492cf0eb21677329603421f994c2a13049d812e0785d8687a52507852a7f58646285f35f3d02161bf3e0a600b8ec6ea980ad895e
- SSDEEP
  
  3072:6+Uma3UstdxTRAZOP0EhfGIdoASnmEskq5/JbP:lUmSPyU0kezRfsk4
Score

1^/10
behavioral3 behavioral4
- Target
  
  SWZ-2.03/【520传奇】守望者加速2.03/GameWatcher.exe
- Size
  
  539KB
- MD5
  
  acb1c722382b1fab3d8de9465a0e1ad9
- SHA1
  
  04eba7da70c7e75fe36ea6e25d1ff30ff965a510
- SHA256
  
  6ac229111964eabe293241f73bd006a22263dc21a3e5c814f20a589fb8994b9c
- SHA512
  
  8666f505e7e836c4590b259b65bfd21bb6ef5f3790f7960f4d4b60885c8fa7c2b2aff50d0b3110990d106f2300c9b37b4f6e9ce004c162ea720e02a63fe6e7a5
- SSDEEP
  
  12288:sY0MfXZT5dPiuNsEgyQzml+bLzuD0XGTs8UeV:sx8ZFtnHWzml/DGqs8x
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  SWZ-2.03/【520传奇】守望者加速2.03/Gwken.dll
- Size
  
  14KB
- MD5
  
  1723ea092c36a5b8badcebc1395223b9
- SHA1
  
  ee5d480c413b8f5b89c27039128ff4943fe41bb3
- SHA256
  
  8303326fa742c25d90a6cf8e9ac0b350a3b837d117ccf291bdd19f54da69f7c6
- SHA512
  
  93a4a48a5bd6e8a90d0c2606879c43a6c735697d7e2cc7bc4daae0f52a77203fffdcf5db11bd81b7c8484b8ba59018f4f4dfbe1509b64f196241c3ed4d149c26
- SSDEEP
  
  192:wnqiDIuf+Y+7QkgTaiJh/5m1xXe1QcFmNb+VWhxoepwi8U:wnqO9+YeQkgTa0Y1xeF2b+MxogN8
Score

1^/10
behavioral7 behavioral8
- Target
  
  数码资源网.url
- Size
  
  244B
- MD5
  
  305983ae6219bf10d517e168b3ebe5ea
- SHA1
  
  b30177e0d7aa2c46843fa9c728c8a9319f34c6a1
- SHA256
  
  a4a66ca6e527f6b5a344ec48235b21666f44d19f710ea5d75332e6a4263d027f
- SHA512
  
  def75af02cb32b05d19cea6ac978941f93b659fc23a3d8ea29f60874c6875a08274403c125452bd14fc2e878e193eecca70b83f19c22881e3f9a8ab4f6afcb28
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

bootkitpersistence

behavioral6

bootkitpersistence

behavioral7

behavioral8

behavioral9

behavioral10