9eef6e2d4e5d2511a3fb86645bc5ae5d239a58da5b5650470a5deece1c731668

Sharing

Copy URL

Twitter E-mail

General

Target

9eef6e2d4e5d2511a3fb86645bc5ae5d239a58da5b5650470a5deece1c731668
Size

21.8MB
Sample

221125-z7vpxsfh54
MD5

5d4fc3e4c262645eeaeaed657ea4b716
SHA1

82c640b6650e3496393a4e7fa195ea99544e81cf
SHA256

9eef6e2d4e5d2511a3fb86645bc5ae5d239a58da5b5650470a5deece1c731668
SHA512

a752a041213f64642debd8c64f5e0528bf813e1228993731a83d45a499dd7dd96e99361931ed8bd192001b5a9d2b305bd03fda3904f420a7b4fe9f97c25fe031
SSDEEP

393216:7UYLXawoljZL0+KqXePRpVHAjGn3T5PXHqHLzt44QyK8GvFDRa:7FKwoljpePRpVx9PXqHPt44QD8QRa

Score

8^/10

vmprotect

Malware Config

Targets

- Target
  
  傳奇守護者免费版1.8.9/detection/boss.dat
- Size
  
  1.0MB
- MD5
  
  d10df1b05726682a8f3b1eec2f79b7c5
- SHA1
  
  c2f6f70623349680b778aafce709f1f6b1e6c76a
- SHA256
  
  b18ea2e196cc10efa72d74d17aadf578f6febec139b7cb848d4cb822227b7966
- SHA512
  
  9cff94ed34bb66e318e0c33f51b5c7bbed12dd5ea0c9f94bd9c8eb01aeef7a0c5b7dd575257a93f07797a1e3d08c3d507507466ca96af55fcc79ec475ccf29ab
- SSDEEP
  
  12288:8oaFLKFyvgN9mAEfpYcUS+xdeumxmp5sVIJlinSlwerIRHvmqRUNzs0d8xhI9A1G:8o2iyvI9hEfplUcRTnrF0sPVu
Score

3^/10
behavioral1 behavioral2
- Target
  
  傳奇守護者免费版1.8.9/detection/ly.exe
- Size
  
  696KB
- MD5
  
  61e693f3bd7627062a4ded2de831aedc
- SHA1
  
  87cc3a757d6b225bccd1254a42ef3fcfce73784e
- SHA256
  
  9a3a1eb330684e280e7c9bc6d521c3d2ee09fca47550856d9d3bc476a1f11ce8
- SHA512
  
  39b80fcf259cf8afce47c1c5cb304b4f2d7817fe1e5961731af4ee833b4cd71089ab8d0c9abfb4174c0a58a7d8cab71f1638a76699801c44d303dc7971c91a0f
- SSDEEP
  
  6144:GnvnnnluhSThKSXnXeaXrh+oxmFwkroTYnSScJAVwSTQgmTvonb/tRZJ:GnfnlZtbnzXrh+kGngqwSVeA
Score

1^/10
behavioral3 behavioral4
- Target
  
  傳奇守護者免费版1.8.9/detection/passWs.dll
- Size
  
  430KB
- MD5
  
  55342de35b22374c9f71e7611503af86
- SHA1
  
  359b98553dd6feccd24ee976842764befbf087e5
- SHA256
  
  296bb64ccf5b12973f163d809a605cd9d7d80f7a6662a295d9d7a51111be6a75
- SHA512
  
  190ec3392e73c1eb8686638ceb100a9c6e496f2707a90d690940dbc79963a70354643e538e75fc42466b17be06cfe1645a867f6588e00a9a3661e5d7f245ad3d
- SSDEEP
  
  6144:qIrG2ZxmdksT5tx8NOyrjhSSrmUgpYSTgoTx1JMi1jzEX5Lr1qRLCbVbE0mq5+Fe:q5K+FXAZqELxy1DjTt
Score

3^/10
behavioral5 behavioral6
- Target
  
  傳奇守護者免费版1.8.9/detection/passpk.exe
- Size
  
  544KB
- MD5
  
  836123d9e6e86b89913ad2c55cb73005
- SHA1
  
  13368c2e7470fc1d6c10139350ba9874577f7e90
- SHA256
  
  60c5543fd6055bd2a48528a726a27881d20a73fb3a32ec2118f4b559e62b6c24
- SHA512
  
  1a350134d5e0c35696d897600c381317ed1b9750ff1bb0a8e72a2d8f0ceb4e6861115d2ac08f107da834120587a82774675ad08e18f5f1a362f66926dd462aef
- SSDEEP
  
  6144:s9yqudfCdkFDDwOZmzeLV24vjBY8yc6wwpg72hlq6zCJqF/2NSMH/:zq1+/wOZcxsSSWp8gkrq1
Score

1^/10
behavioral7 behavioral8
- Target
  
  傳奇守護者免费版1.8.9/detection/passty.dll
- Size
  
  816KB
- MD5
  
  b62b4210548f391d68af74870d460447
- SHA1
  
  e27fc7c3cb292a5e06c018fd3b93c9671460796e
- SHA256
  
  1dea7793602d77a42c77ba4e37b0c294af383810bff64ed1f7ba6d75118cdd46
- SHA512
  
  89d35866260fc5b914a4689dee3b7c7fc4b3bdde5645cd88ec992c3de4e953697bc54b7f6881aa81cc59944cf8f47182dda75464311fdbdd22a27889fd4cca2f
- SSDEEP
  
  12288:UYZpOdz9zrhHymlKKpkOsbZQV+L01sY2A72/RabB:zZpOdJzNHPlCOsbZQV+L013IRabB
Score

8^/10

vmprotect
- Blocklisted process makes network request
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  傳奇守護者免费版1.8.9/detection/tempj/InjDuck.dll
- Size
  
  187KB
- MD5
  
  4ac7e68243f06cc27fdf55c225b9f04c
- SHA1
  
  4e11ec30fcc29c4dbecbb7def16ada567f3d222c
- SHA256
  
  724975eed2b5153760d3ea82fa2973fedd56b912b453bc081d07d6b8ef70ce47
- SHA512
  
  0f9fd68ac7f9b39d984ad2fcb2d7e18d4738bc350e341aa42a8e8a934d5229c4efec85e146c2339c5091bf765c3e506207ba265e039635b24e60a79b0f9cf244
- SSDEEP
  
  3072:9V10KsmH1QY0t9QHIDbrsnxFX4mTjAfVsxSGyHkiTK5shm/i9Lsj3:9H0Ksm+Jt9QHkbInLX4mesxSGyE0PhG
Score

1^/10
behavioral11 behavioral12
- Target
  
  傳奇守護者免费版1.8.9/detection/tempj/jx.exe
- Size
  
  688KB
- MD5
  
  77a1139843a33ac7ae469e4048d6186b
- SHA1
  
  e18f5488701b73796903a751596e03869974c5fe
- SHA256
  
  d52c8301f09895484e2771149ed024cb52ac70c0742f717c76f5f7079c675d7c
- SHA512
  
  2208883f919ab02451ef12bf101f0a0b9f00f48fd590ff5ee80454619f561059fb6af9eae83adb3ac71f7fbaf77a785e6f703398f876305c92e0f6c4134306cf
- SSDEEP
  
  6144:TcXjzqjtlL8dcWzu2gB+5Ycp/nqYQsssbmTzps5idMDmH06Z2nQeOg0pPsS2:TcT+WSWzu2QIXEBs5KH0bnQeOg
Score

3^/10
behavioral13 behavioral14
- Target
  
  傳奇守護者免费版1.8.9/detection/tempj/yx.exe
- Size
  
  696KB
- MD5
  
  864478fef94d7bcbc6b07ff0dfda067e
- SHA1
  
  4adf59b5f3db36c9632c2f01ed1f6bde0e6dee7d
- SHA256
  
  5afa1bb68db83e1f560deefa22759a38f3c2e095e99e1fb9a8963c8c76a6f298
- SHA512
  
  d74c1b6d952c25d920c2f28ad7969e8d6c6b7a5938507ecdc2d3161cfada91a8ea45f812d5b8a7baf729b3444ed61b8f037228e11b95c5fb021dddbcf0f99061
- SSDEEP
  
  6144:4nvnnnluhSThKSXnXeaXrh+oxmFwkroTYnSScJAVwSTQgmT8onb/tRZJ:4nfnlZtbnzXrh+kGngqwSVeh
Score

1^/10
behavioral15 behavioral16
- Target
  
  傳奇守護者免费版1.8.9/detection/ty.dat
- Size
  
  169KB
- MD5
  
  04ab3fe511b4a7465c57fc9e7aedcd3d
- SHA1
  
  f678150e525de20a58a2766d52846cc70ffcb622
- SHA256
  
  81f15689949e602c3413de07cd00d25baab313dc7a05d5fb05b7de04842a616d
- SHA512
  
  e4c5048c1ca4e4a355ff0c85932cb6e67c009f85b79189a0214026521a46744dd592cc3a83246c65a974dce67c570c2288be01150671ebc52ae9584bf10fc393
- SSDEEP
  
  3072:uP89l9/zuYu3PvTiqTsKfw6H2vPrzDlNM6FHpU9yP7X4kXq2GzT:cmlzmPvjGHvPn53dBX8p
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral17 behavioral18
- Target
  
  傳奇守護者免费版1.8.9/detection/ty.exe
- Size
  
  908KB
- MD5
  
  55125a878ca2b3811fbcbcfcf07933af
- SHA1
  
  6e102d401a99e3e82c2f0455e720306594dcce7f
- SHA256
  
  891d98bbe4e32783bcdf0538e6ea5e61fa9e7dd4896e04f533ac1425f8a292ee
- SHA512
  
  60f921887695a4752b4ef0753608fcbba72f2e114f65a66daffac8b87130eb08cb334c85a154d632cb0a3ad04cdc96bd63c5dc62e7aa0025f8933292f394d7fb
- SSDEEP
  
  24576:UETdqL+C/tnULhAM+rjIDIjXMWf3x+/98pLFPOhQjw/RI8s:UvxtNMgkwX/f3x+/98pGqw/RI8s
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral19 behavioral20
- Target
  
  傳奇守護者免费版1.8.9/detection/ws.exe
- Size
  
  676KB
- MD5
  
  84cdd4384eebcf86f1aefc50701122bf
- SHA1
  
  d6f75bcc551b21fbe33db0e41952d55a1072bcce
- SHA256
  
  20e96f9bb5a4f8fae370f7e651fff9c5f5444b4c3233168608542b1e92a5f18b
- SHA512
  
  5a0ab12edcd4787ba5244a74b1032a13c8801ae088be867d577a1d59fc666642e5f63db6234d61941b7fdf439df59600633cd7969cc63136d2357d179dae939f
- SSDEEP
  
  6144:uO3d/K8BCr9gggJqbQUBauavwwQkykaMLeReCicYHAce4te1CfOA7l5Ww/Mlkne:uutm9dg2BIowQkykzweNPe16LWw
Score

3^/10
behavioral21 behavioral22
- Target
  
  傳奇守護者免费版1.8.9/zip.dll
- Size
  
  120KB
- MD5
  
  f483ca3411e7f5b278df6dabd1dfa2ea
- SHA1
  
  9fe776f8eb36b7aada0d08cb7fc8d7a0371c69ef
- SHA256
  
  3af8886e8f36c34cde502bafd06e967a7769f910f603a88cb91a9833f928a6c9
- SHA512
  
  d229dcd16b8e91fdadee68d5e42a79b1447091c6480bfb4aa0761c5c9035404991383dd7999ee431a0610aa716745ec28e221c115baf022252f8f20512d9d4f6
- SSDEEP
  
  3072:YOltoyFOxHTKiM+Kh+GBFOQMrTBfC4NS5S:IyFOxHTKf+KhFB0QMrTBq4D
Score

3^/10
behavioral23 behavioral24
- Target
  
  傳奇守護者免费版1.8.9/传奇守护者官网：184pk.com.url
- Size
  
  155B
- MD5
  
  4a22dddd8446183c50f3aa29692e25e9
- SHA1
  
  643615b1ff943a7474195be641882adc6f6ff211
- SHA256
  
  3d32336a6e23e0567beca4e18395aac12d78c3c7578d59791da98633c48fb6f8
- SHA512
  
  4be750fb649ae52b735dd3245273f858ba637a96dbcfe8263927a0429d9e572cb1e1f227e7ca3544458901b98a3289e11ac53a2462d7e6082020caaba23424ec
Score

1^/10
behavioral25 behavioral26
- Target
  
  傳奇守護者免费版1.8.9/传奇通用变速器4.0.exe
- Size
  
  895KB
- MD5
  
  fa41210502101fcdcd0c3d66bb95d619
- SHA1
  
  4d7afa6833559eafffb87da83c835c8d496a213b
- SHA256
  
  537ca1477d99b50ffa5485d19646156eb8c694aa6e1e5c94f56cc206d653b4ec
- SHA512
  
  729584dab79a2ea84e697a75e880460de696d0e4161f6ebf1527ac027ae3a2636c5ab15df7039ce19cb1aecb759804cc976770eb0da45c5676b087ba27111d6b
- SSDEEP
  
  24576:pVsEWC4PwIMApdC2QIZZU3JhZw4VQeDZW:3TYP3MhPIqfakN
Score

8^/10

vmprotect
- Drops file in Drivers directory
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral27 behavioral28
- Target
  
  傳奇守護者免费版1.8.9/傲雪残影.exe
- Size
  
  5.8MB
- MD5
  
  5fe65f37d4eb3450fc9cd7b815cb105f
- SHA1
  
  01921e60e2a37b7fe2071b1f821d7820746fa18a
- SHA256
  
  d06c0348b5240e3ff5b21201a8350461f8afe21be3c4552f726a8a38721784f3
- SHA512
  
  dbee124db5b972cf6c530b577dc5860491c04b225db75d2c4fa2e8d97c3c660d0b8db6e2722e193626044df234416b171d7630151cac9375bc661489d12f7cbd
- SSDEEP
  
  98304:DqqAHeF633fbns14Zje8tNJj669cERHEkN+nCF2DpYwaSwIfeaG4u64:DUu2nG488tUdkSCFHQe564
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral29 behavioral30
- Target
  
  傳奇守護者免费版1.8.9/傳奇守護者免费版1.8.9.exe
- Size
  
  6.7MB
- MD5
  
  0d073c6b672cf3766da08c87393cacfd
- SHA1
  
  749c4680d1312f3961e732774a8117f539b6ffb1
- SHA256
  
  60873b32e91f5934705d3b514ca94a781906f82f460fb3e57db669fe1b1be8b5
- SHA512
  
  f06d16c0b377a64544dd6c8e32c8330174a3b2aba15736884998e123a2c9086ca3dd4ca22b29bc5e072ffbbcaccf06b81b44d7c38b2db4e87a5c5aa625ab94b7
- SSDEEP
  
  98304:cqZS0XIHS1YvYSu88ZHACE63R8TORhSr/llZBu44BYNkNHBI94HvXaEay9cAGrE:we95Su8846aIylAxYNH94HvTay9
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Drivers directory

VMProtect packed file

Drops file in System32 directory

Enumerates connected drives

VMProtect packed file

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32