General

  • Target

    b2b9b97ee97f9c32f9f870a521d9f553181ff004a6aaea931b3c13f8050ab829

  • Size

    2.5MB

  • Sample

    221126-1ymtdscb4x

  • MD5

    123dd76054ffb16de01f86ebc7143af1

  • SHA1

    cd0b30f449ee240bc2a12d1d63bf44b9f086f3a1

  • SHA256

    b2b9b97ee97f9c32f9f870a521d9f553181ff004a6aaea931b3c13f8050ab829

  • SHA512

    24cfa3ebab7b4988e4ff3b2ccb121a536e3494a1f1528f7b9d0230f5e73f8dee7aeba344735300a4f831960d91cfae3448cebe1ced174f2af0f99f0df9830b0f

  • SSDEEP

    49152:VgxQAyKvAhBRjBUBC0QpnuSEBDLRmHBS9NkjG/YEIP/mWd+2k9txHNTb9FXzKuwQ:V0QAyqAhnjBWC00n/EUIW+3S+dtTBFXf

Malware Config

Targets

    • Target

      momicAlar_gpxz/!)支持我们的网站.cmd

    • Size

      1KB

    • MD5

      64dbeaf8befb07b01a4989021ddfbb1e

    • SHA1

      10c4305148c4f7fb641a0ada7c03f6cbc77a3386

    • SHA256

      e58bd470891c6bbd4420633a502ee23ccefad1d70cd5b11c2c1b87c67ca29312

    • SHA512

      018d2e7aa65aa54ca34c82e1ac5e7b3a618afcb100d5e33eae39deab010dba4130cbcdfaadc83cff544a2eb7bc9a4aef73d1a4faa849b27f389e3fdd3c53c7bb

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      momicAlar_gpxz/@使用帮助.cmd

    • Size

      1KB

    • MD5

      64dbeaf8befb07b01a4989021ddfbb1e

    • SHA1

      10c4305148c4f7fb641a0ada7c03f6cbc77a3386

    • SHA256

      e58bd470891c6bbd4420633a502ee23ccefad1d70cd5b11c2c1b87c67ca29312

    • SHA512

      018d2e7aa65aa54ca34c82e1ac5e7b3a618afcb100d5e33eae39deab010dba4130cbcdfaadc83cff544a2eb7bc9a4aef73d1a4faa849b27f389e3fdd3c53c7bb

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/BaiDu_谷普下载.url

    • Size

      248B

    • MD5

      4862e98b9ff9ac40ab2ae5d3f45d786e

    • SHA1

      c76a277a07afbdd0fb180e1b8aef606545b5286b

    • SHA256

      974e9addad6f6a416099d3e3359aaff27efe2685b20f3f5c0ca3ed1581d106ea

    • SHA512

      830981812c9a64776043f10f38ffeef2148045dd940667798ae1bf933e4b4ddeb0eddbf92a78a475ffbcd1843a7222f81d6a6bb4de3d29cdb9e14f631b240eda

    Score
    1/10
    • Target

      momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/ConfigCenter.dll

    • Size

      27B

    • MD5

      7054218866a9fd3f2396b1b4669e4bfc

    • SHA1

      a33af39368e5d64c5850e10c521e5cf69507148a

    • SHA256

      e3a5e12cdf59aa84cda6eb7e546003c7f2819a655c5a2d27c6e3ec40bb0ca257

    • SHA512

      448c5aeb8162add01f48be03191a7f41f019bac094c658cabd1f0ffac72a005929fd3d6374bfb6f75057b29ee6c3ae8b95039741c6ee75220625f2b903265031

    Score
    1/10
    • Target

      momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/jedata.dll

    • Size

      86KB

    • MD5

      114054313070472cd1a6d7d28f7c5002

    • SHA1

      9a044986e6101df1a126035da7326a50c3fe9a23

    • SHA256

      e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

    • SHA512

      a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

    • SSDEEP

      1536:0OYdF5pkapU0uz96DjsVgsIm65HPdOMpFQEMqUktZcNqLODRv7zFpl91nouy8jg:0HDp7pRuKjsir5HZFQGrsUwF7hplPouG

    Score
    8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/米乐营销 - 旺旺状态检测 测试版.exe

    • Size

      1.2MB

    • MD5

      5a25cd4f84f2153f25f7ceef630872d3

    • SHA1

      a9f36a6993356275c4a2369e1654292dfdd6ec35

    • SHA256

      97cd322fb24b9785e63f57c5acb8132132aeca632e2c32cdf62add33ff96bad0

    • SHA512

      7cd53a610cc242e98e3486565b37eb37c75f2347943c4cb0cec0ce7038c0b0d5cf84c74d8825e6adc94d4464afc057c276a817e273123890fb8b37ac7d485450

    • SSDEEP

      24576:+ApBjyd7d4XF2ZFSXVlsDJcrydJx27TBzWIqIsVnc/Uyf6aMKk8tX0:XpAiYeGOGE7TFWHc/B6aRB0

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/补丁.exe

    • Size

      1.2MB

    • MD5

      c72c293b94f3fe93106bc59716c46ecd

    • SHA1

      a5c9f993559e8134aa96cc8b993172f6b9aa1876

    • SHA256

      322af210b41805011d41599643f6dee7c1e54e797e66484429598cc836a3d4d8

    • SHA512

      a29449265a86486781387f76740bebf759632d33a4fa4db9df84ba5e5bbca5314277b9f13e163c19b292c5e10f7f9e555ff5e222fd7f4f9d4e452aaec5d41c64

    • SSDEEP

      24576:vzzfTlkIeQVKg6IRgNtF7LlsmLthxIdu1lb5l3vT6SsUf6xvXf:vP7lkWACR44mnxv1PBb6S9ixvv

    Score
    9/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Loads dropped DLL

    • Target

      momicAlar_gpxz/哥乖.url

    • Size

      345B

    • MD5

      77f7b71a785921da1e2dd7aac670cf79

    • SHA1

      a9dc959de80a166f6674c59ec016c430dce8065a

    • SHA256

      23c706f6fc91d2a4c070eaa25c32c6405f6e6d0bd0e8cb78e91944524b18ac3b

    • SHA512

      9e70785415af29f7d0fe394faeeb54f0d1d016ef3293608697bea42191ea648fcb990601ae8100c7964b953b0a11aa8c59bc745d02b34d091a08a8dc964db273

    Score
    1/10
    • Target

      momicAlar_gpxz/在线游戏.url

    • Size

      325B

    • MD5

      c644362bfd0d5c73b57f66c9f7121000

    • SHA1

      bb919e6f8bb8b515078b0f578816266371b19395

    • SHA256

      88bbc3fbb270b0b11bd7425f35dab54dfc2b421a742fb61d6092235a6a6fecb9

    • SHA512

      4008758f854e0eef7fc7afe86464dd5a80272d2ba7af50ca534d51834fc4bcf05bcf3def3d95ce6ddb0d7c3b73179f260b3bc92feb9042d29fee69ccc2f76824

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Bootkit (T1067): 1

Defense Evasion

  • Modify Registry (T1112): 5

  • Install Root Certificate (T1130): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 4

Tasks