Overview

overview

8

Static

static

8

QQ网域�...��.url

windows7-x64

1

QQ网域�...��.url

windows10-2004-x64

1

网域帝�...��.url

windows7-x64

1

网域帝�...��.url

windows10-2004-x64

1

腾讯cook...��.exe

windows7-x64

8

腾讯cook...��.exe

windows10-2004-x64

8

视频.exe

windows7-x64

1

视频.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    94267c89ac1e68188d685b74d77fdb4bd2d65e012fc7a54ea17a1e8f9f9a0821

  • Size

    2.6MB

  • Sample

    221125-yeq1ladg5y

  • MD5

    a74c277f29e7534445eb4d7048164a84

  • SHA1

    9eaf9ee0d0855f9b661d105918fc2ca5c9994993

  • SHA256

    94267c89ac1e68188d685b74d77fdb4bd2d65e012fc7a54ea17a1e8f9f9a0821

  • SHA512

    a07535e5975cac2596ea3bcbc446d9fa0eb5b482c23922d55862b1ddfec18b8ab8bfd5c404ba46ae1943f689542f0c955596a61615bc552a32ce810ccd4d5a54

  • SSDEEP

    49152:/C9vcxsRs9eOr8jp+M6NukzcsIiGwYS+DeoBQKbXLDfkcTOLqMvVDYcAFAf9Rpad:Qqqs9eOruQM6I3DXGoLXLbItVwF9Qv+

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      QQ网域帝国首页.url

    • Size

      185B

    • MD5

      0d5e4faa8c76188b5f8044ca4fcc977e

    • SHA1

      c0fcc7ae19bb40ae3dd4c34adaa0bfcce756aae5

    • SHA256

      b3089b897f6396ad75be9d2e3bcd54696db5bfdfc76cbde098cdd454c4321fc5

    • SHA512

      47cd543f9ae0c3f0164a917524905d6037784290440a42f25d695239f72c98ed1b68d724dec25a6fad102bb3bb53599906044ccd234fa7184d539859c8a9a77b

    Score
    1/10
    behavioral1behavioral2

    • Target

      网域帝国技术论坛.url

    • Size

      129B

    • MD5

      e14a598a3996c15c6235bb7d4af807a6

    • SHA1

      5ed3a6c738f5395a226f8f7ae40d33bf26bedb90

    • SHA256

      460ed9d25d547b1893d8430214cde1b6ccfabaac0cf44b9e7fe1e4649670e785

    • SHA512

      b240b2a6eb9eb09d39b5b4428f898f6a5eeadcc8a3f70355c72af8be087d66a9be4991017c0154f749f0b069d2076998fe936b4e21baf53cbde63a0f1ecc1d6d

    Score
    1/10
    behavioral3behavioral4

    • Target

      腾讯cookis利用.exe

    • Size

      1.8MB

    • MD5

      ef465a19e8fb00180fe12ee2b4cdc27f

    • SHA1

      8a9db7680d745939d233a1a6ca2472454e86288c

    • SHA256

      d0fb60409eb0828a21c867c8e9b03bba9be4461907cebbdeae8433ade6e2fb6d

    • SHA512

      e9a18f629e5a3b4bdbea1bc394f9e9d00b36b41d3bfa7ce19f25773e8161f46c86ff1b086f6a2b1fafbd051c8430b2f5ea908895d86587a8da5c4cc6b92204eb

    • SSDEEP

      49152:Bj0eJBSzjBPQWP2qxOb1prKpKrVq+AbLsZVwm:Bj08mjBI9Fb1pZRsQ2

    Score
    8/10
    upxpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral5behavioral6

    • Target

      视频.exe

    • Size

      6.4MB

    • MD5

      2273a3fc4fc07c2d93e6848ca79d3752

    • SHA1

      7107cde1106d4bd7623fa97ca07f7d07f30d65ea

    • SHA256

      d4cc73a9362397232fd6a71ab8f85268fdd32fdf54992b22864b015df701d237

    • SHA512

      c11796bf4230de3a16b085d55cd8535b2f093fd59f93ebf5a8f874801c7a49837f4515a49f23276c6decafeaff42d03c3b87c8d00f07b273497e61f2e8a86258

    • SSDEEP

      12288:AEvLlry0ZFNegbJJvSFmn+MuZgPSFquOHKTzUAEeSrHhI0DPh:/lrrNZDPcqmzU+SrBI0t

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks