Overview

overview

10

Static

static

9

hxjydazhuz...dm.dll

windows7-x64

1

hxjydazhuz...dm.dll

windows10-2004-x64

1

hxjydazhuz...ta.dll

windows7-x64

8

hxjydazhuz...ta.dll

windows10-2004-x64

8

hxjydazhuz...��.exe

windows7-x64

8

hxjydazhuz...��.exe

windows10-2004-x64

10

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24f3b147914290a2537d0a61f52009db0f82f5ccdc7eb8843923b44f61a78f72

  • Size

    10.3MB

  • Sample

    221126-2mgzfaeb4v

  • MD5

    ecddb593337eeaa48ce5a0f5ad0f4136

  • SHA1

    6e4d3e63bc1a86f9135524dd213185c86a415912

  • SHA256

    24f3b147914290a2537d0a61f52009db0f82f5ccdc7eb8843923b44f61a78f72

  • SHA512

    af928c9ce7277e462a97957e6108be927de7745f216470a9a0de48443e374d4541afb64c93821306790efbf8f9de71cef6b4aeec78f03f4b47b5bde939e0b74e

  • SSDEEP

    196608:CwOFxXdSL4hvgC1z/PEyv6AfU/y7cDV/wMZh02X8tyTlADzbxAT:5OF5dSLnC1/ZvFQyYDVxZhHVTOPbx4

Score
10/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/dm.dll

    • Size

      804KB

    • MD5

      c578b6820bda5689940560147c6e5ffc

    • SHA1

      922e50d89c9c44bdc205ef17aa57212b64e58852

    • SHA256

      3b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389

    • SHA512

      9f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85

    • SSDEEP

      24576:3rhlxaCsVb6KoTpZCFg6DTk1F2RjkjCQG:VWCsVb6KUpZ+hDg1F2d6

    Score
    1/10
    behavioral1behavioral2

    • Target

      hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/jedata.dll

    • Size

      86KB

    • MD5

      114054313070472cd1a6d7d28f7c5002

    • SHA1

      9a044986e6101df1a126035da7326a50c3fe9a23

    • SHA256

      e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

    • SHA512

      a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

    • SSDEEP

      1536:0OYdF5pkapU0uz96DjsVgsIm65HPdOMpFQEMqUktZcNqLODRv7zFpl91nouy8jg:0HDp7pRuKjsir5HZFQGrsUwF7hplPouG

    Score
    8/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      hxjydazhuzai/火线精英大主宰自动开枪脚本多分辨率支持V1.2/火线精英大主宰自动开枪脚本多分辨率支持V1.2.exe

    • Size

      9.5MB

    • MD5

      0daf49a958b5c4439f19f523cac7bdfd

    • SHA1

      8b25d655d491765aad34f39f3fed9383111f3e5c

    • SHA256

      73330c8974eb98a387b05e2176f76ae8f768436501a6c162fd6c09492c7df370

    • SHA512

      ed060246dfaa16a8951a62e6afe5395ddfe03a81a6d8b36a7bee0fe4de8fb151051ed0703638a28a1d2932cd1f36b144fc869a07c3a24600b6f023ad456eb8c6

    • SSDEEP

      196608:UJ4D0KPNxhpZ9dmB33Zfn4Rei56tqP5sdMEVgFqjcD/UKFR+:e4D0KVxhpLdmBHx4D6tndMWgFqQTUc

    Score
    10/10
    discoveryupxpersistence

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    behavioral5behavioral6

    • Target

      新云软件.url

    • Size

      217B

    • MD5

      e5e80be1cf1a1b2af35991aed091c827

    • SHA1

      79e02d122cdf24da7e59044b4bf83572242b4c71

    • SHA256

      1016d243a1266c9970996f2847639ecefbecc361cd98fb79d27d048eee3dd69e

    • SHA512

      b926f6e34e0e9e260a8f6e59ec8e660af0fea09de91140d968cc7665ea45f840a8951f4a1c0400bfe384d2e269159febfc5e32981b863b9d97830f5eb2521705

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks