General

  • Target

    966db24ea03200be6c87015feb719b7ae1153a1905b5fe9161e84e5b7d801d58

  • Size

    3.1MB

  • Sample

    221125-yaqh9sae33

  • MD5

    0c577878b87abfbf3048e10dfff5971f

  • SHA1

    43c2f0a71e1eb7bd2645b49f1b4e063827220aeb

  • SHA256

    966db24ea03200be6c87015feb719b7ae1153a1905b5fe9161e84e5b7d801d58

  • SHA512

    f060fb7400640d871cab2bf71dfbf4ef089a75fb59389927d79071dc65b19ed38c843ffd2c01719710f70b30dbfdffa8d144b1915cf3765abc920db0dec0cf3f

  • SSDEEP

    98304:45xqPEG+2UK8rE3FpaEU8D1Yf9xllauvgyMg:4uspj/rEVhU8D1YfVlam

Score
9/10

Targets

    • Target

      QQת/滻ð.exe

    • Size

      1.1MB

    • MD5

      57118487378369b418b0b3bede98b6dc

    • SHA1

      701b106d0ee123b208d33c91cd97f407ee29295a

    • SHA256

      e7db4d8876a3edce6c58633f4b7750ddb08116b86594a860cb1f0d1a8298990f

    • SHA512

      989c88a54549a16a92aa0731dde7381764119d5247c4442a510966c2c15080b5734bfcf58c011c583e11b3de32c0d0798302b3d7b512393d746c3a511a8fdb32

    • SSDEEP

      24576:TvhOSjkSq+tBB2FIK4+cLEXos6cLmKL0m5cG/xAhNcXoC3z+aK:TkSjkSqIBO1jJXo3Kv5l/GDcXpD+aK

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from being reported for that thread, a common anti-debugging technique.

    • Target

      ɳָɼͥͨð1230-1.exe

    • Size

      2.2MB

    • MD5

      eca03a4b24d2a3590a1737bcc552c0fc

    • SHA1

      e7cc5d390efad15059f657772cbb38c36df17255

    • SHA256

      053ddbf900bade361964f53714cc2e9e61250dd0ba4cc42235558cae141f92fb

    • SHA512

      96825e28cc49beab474acb60c20f5a02ec6fec1fd9534bca7f4b57fce259547a519558cc1c5b229b72d7f13f1b47d334efd4d0978ba62328354b7267fce9a97e

    • SSDEEP

      49152:pmGHGyDECi3GPTKroiHFsQNiYqKbKxO7rc99cIW/dsd5q:pcyO2PT8ooFNNEKbK4/K9cIfd5q

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from being reported for that thread, a common anti-debugging technique.

    • Target

      Ϸ.url

    • Size

      168B

    • MD5

      ff1050dbffd353fcf1b33e1b98c46a43

    • SHA1

      84d1da117d9fa9adb5092180f945288f6bd350c4

    • SHA256

      264ced769e31afc066f90002420c4c52fae622a340483e35d149e3db836ed3d5

    • SHA512

      590bfca4916ac3b2cd4898d67fee017d5ba2b3129bfee51ba79bcbb04d1a593af28cd0724ee9f9bac75de8efe2bfbd9e15a086cece1b8ca47b64a70151db7f2c

    Score
    1/10
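
The three registry-based signatures and the hide-from-debugger call listed for the two executables above are what a sandbox's signature engine matches against the API trace it records. The Python script below is an added example, not the sandbox's own signature code: it replays constructed trace lines against rules written for these four signatures and tallies the fired rules per ATT&CK v6 technique the way the matrix below does. The trace format (`pid|api|argument`), the constructed lines, and the specific registry paths the rules look for (the ACPI `DSDT`/`FADT`/`RSDT` tables named `VBOX__`, `Software\Wine`, and `Control Panel\International\Geo\Nation`) are assumptions about what such signatures check, not details taken from this report.

```python
import re

# Constructed sandbox trace, one event per line as "pid|api|argument".
# Both the format and the lines are assumptions for this example; they
# are not output from the analysis of this sample.
SAMPLE_TRACE = r"""
1234|RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234|RegOpenKeyExW|HKLM\HARDWARE\ACPI\FADT\VBOX__
1234|RegOpenKeyExW|HKCU\Software\Wine
1234|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation
1234|NtSetInformationThread|ThreadInformationClass=0x11
1234|RegOpenKeyExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"""

# Rules: (signature name as shown in the report, ATT&CK v6 technique id,
#         regex on the API name, regex on the argument).
# The registry paths are the usual artifacts checked for each indicator and
# are assumptions here, not the sandbox's actual rule definitions.
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", "T1497",
     r"^Reg", r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$"),
    ("Identifies Wine through registry keys", "T1497",
     r"^Reg", r"^HK(LM|CU)\\Software\\Wine$"),
    ("Checks computer location settings", "T1012",
     r"^Reg", r"\\Control Panel\\International\\Geo\\Nation$"),
    # 0x11 is ThreadHideFromDebugger. ATT&CK v6 has no separate debugger
    # evasion technique, so this rule is left unmapped (None).
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", None,
     r"^NtSetInformationThread$", r"ThreadInformationClass=0x11$"),
]


def parse_trace(text):
    """Yield (pid, api, argument) tuples; blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) == 3:
            yield tuple(p.strip() for p in parts)


def scan(text):
    """Return {signature name: [matching argument, ...]} for every rule that fired."""
    hits = {}
    for _pid, api, arg in parse_trace(text):
        for name, _technique, api_re, arg_re in SIGNATURES:
            if re.search(api_re, api) and re.search(arg_re, arg, re.IGNORECASE):
                hits.setdefault(name, []).append(arg)
    return hits


def attck_counts(hits):
    """Count fired signatures per ATT&CK technique, one per matrix cell."""
    counts = {}
    for name in hits:
        technique = next(t for n, t, _, _ in SIGNATURES if n == name)
        if technique is not None:
            counts[technique] = counts.get(technique, 0) + 1
    return counts


if __name__ == "__main__":
    fired = scan(SAMPLE_TRACE)
    for name, args in fired.items():
        print(f"{name}: {len(args)} hit(s)")
    print(attck_counts(fired))
```

The benign `CurrentVersion\Run` line in the constructed trace is there to show that an ordinary registry open does not trip any rule; the counts returned by `attck_counts` are per fired signature, so the two VirtualBox ACPI opens count once towards T1497.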

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                        Count  ID
  Defense Evasion    Virtualization/Sandbox Evasion   4      T1497
  Defense Evasion    Modify Registry                  2      T1112
  Defense Evasion    Install Root Certificate         1      T1130
  Discovery          Query Registry                   5      T1012
  Discovery          Virtualization/Sandbox Evasion   4      T1497
  Discovery          System Information Discovery     2      T1082