General
-
Target
966db24ea03200be6c87015feb719b7ae1153a1905b5fe9161e84e5b7d801d58
-
Size
3.1MB
-
Sample
221125-yaqh9sae33
-
MD5
0c577878b87abfbf3048e10dfff5971f
-
SHA1
43c2f0a71e1eb7bd2645b49f1b4e063827220aeb
-
SHA256
966db24ea03200be6c87015feb719b7ae1153a1905b5fe9161e84e5b7d801d58
-
SHA512
f060fb7400640d871cab2bf71dfbf4ef089a75fb59389927d79071dc65b19ed38c843ffd2c01719710f70b30dbfdffa8d144b1915cf3765abc920db0dec0cf3f
-
SSDEEP
98304:45xqPEG+2UK8rE3FpaEU8D1Yf9xllauvgyMg:4uspj/rEVhU8D1YfVlam
Static task
static1
Behavioral task
behavioral1
Sample
QQת/滻ð.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
QQת/滻ð.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
ɳָɼͥͨð1230-1.exe
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
ɳָɼͥͨð1230-1.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
Ϸ.url
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
Ϸ.url
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
QQת/滻ð.exe
-
Size
1.1MB
-
MD5
57118487378369b418b0b3bede98b6dc
-
SHA1
701b106d0ee123b208d33c91cd97f407ee29295a
-
SHA256
e7db4d8876a3edce6c58633f4b7750ddb08116b86594a860cb1f0d1a8298990f
-
SHA512
989c88a54549a16a92aa0731dde7381764119d5247c4442a510966c2c15080b5734bfcf58c011c583e11b3de32c0d0798302b3d7b512393d746c3a511a8fdb32
-
SSDEEP
24576:TvhOSjkSq+tBB2FIK4+cLEXos6cLmKL0m5cG/xAhNcXoC3z+aK:TkSjkSqIBO1jJXo3Kv5l/GDcXpD+aK
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
ɳָɼͥͨð1230-1.exe
-
Size
2.2MB
-
MD5
eca03a4b24d2a3590a1737bcc552c0fc
-
SHA1
e7cc5d390efad15059f657772cbb38c36df17255
-
SHA256
053ddbf900bade361964f53714cc2e9e61250dd0ba4cc42235558cae141f92fb
-
SHA512
96825e28cc49beab474acb60c20f5a02ec6fec1fd9534bca7f4b57fce259547a519558cc1c5b229b72d7f13f1b47d334efd4d0978ba62328354b7267fce9a97e
-
SSDEEP
49152:pmGHGyDECi3GPTKroiHFsQNiYqKbKxO7rc99cIW/dsd5q:pcyO2PT8ooFNNEKbK4/K9cIfd5q
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Ϸ.url
-
Size
168B
-
MD5
ff1050dbffd353fcf1b33e1b98c46a43
-
SHA1
84d1da117d9fa9adb5092180f945288f6bd350c4
-
SHA256
264ced769e31afc066f90002420c4c52fae622a340483e35d149e3db836ed3d5
-
SHA512
590bfca4916ac3b2cd4898d67fee017d5ba2b3129bfee51ba79bcbb04d1a593af28cd0724ee9f9bac75de8efe2bfbd9e15a086cece1b8ca47b64a70151db7f2c
Score1/10 -