cb03c01adab4acb7ac937795a033038bb9c0a353f00c6a2a873eeaa5cf88b12b | Triage

Sharing

General

Target

cb03c01adab4acb7ac937795a033038bb9c0a353f00c6a2a873eeaa5cf88b12b
Size

274KB
Sample

221126-2qphpaed4t
MD5

e02d12c2b296bf454685395aaec470c0
SHA1

acc3a609459cc17d821930f053ac2213b477e3b2
SHA256

cb03c01adab4acb7ac937795a033038bb9c0a353f00c6a2a873eeaa5cf88b12b
SHA512

16d1464f3535e85f60d472273a1ccc6c300e696cb95be4cedcf93bb4c572f2ad21b083250c98ec394f115e67870ce3eb077b0572ac07f1ae04d8e74bc9bef179
SSDEEP

6144:W1HD722YkLe/1ToQyTWNF0RHlviBdrsLuTijMu9LtrPURo4PI:g3pE17qWvSlqjziwCLtr8I

Score

9^/10

bootkit persistence upx

Malware Config

Targets

- Target
  
  Usp10.dll
- Size
  
  88KB
- MD5
  
  28d0bdf6fa32d1988d9cdbf36f1348ee
- SHA1
  
  d7b11d199ac0449c179af499bfc9ed3be5eb8eba
- SHA256
  
  e79f6892804c7e18e827416389931b12061b2d1b568944d19c1175d6d3d9e7b4
- SHA512
  
  fac7e4cd5b4679661486b22135ff5e8877fe4371c2c37bae2f77b31bdf799e9f89a249e51fc75dffd751bb762f9ca59acb10c436decfb5e4f2b5adcc4451ba0a
- SSDEEP
  
  1536:68No8xdIQi/qBAzCvbO6qU7SqAkx/PB60d7QCQcljUhJ8LDiJOfKaNVtBDVPR2oH:6/8Hi/qi5xOnxxd79Q4juGAOSk/ZVPRT
Score

1^/10
behavioral1 behavioral2
- Target
  
  qqmsgsee.exe
- Size
  
  232KB
- MD5
  
  d7d5a8136962ee21e14fa33f127064da
- SHA1
  
  f97737161502842fa07add7b89be3b34271df3c3
- SHA256
  
  2045a435826ab52f8f80b9d1de96c6be728971cbdc2dd601864d358a6977c92f
- SHA512
  
  da0cade98fae9ef332ebec7b51b513b73402da1e4ed5ba3b1d7078caa957d9bf66da3ca9e865e54102aed546f5948ffad8bae87c4abb19363df97f8d4eb26a2b
- SSDEEP
  
  3072:AMdgD6dbNFko1ayFCpEZWCfEgl+D7t5VOcoF/7UbNVLPLcqcoMaUfdqMwuW0Gc3I:Jdge1NFVH0pwpMfN5V7bzooMkMwHc0U
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  使用必读.url
- Size
  
  170B
- MD5
  
  56a7e2bab575e50bf341b9354c4f20f8
- SHA1
  
  7755a3f06f509b6c28d4704224ccb61244608f5f
- SHA256
  
  bd790caa5eac8bcc9931ced0056dba0f8c6425fd0caf012af1d54e4b9f141277
- SHA512
  
  3aa99582f9511430b8896f656eb0ab24df9cb675619b93c85f9941a5fa96b2ba0ce6023b8ed7b81fc47f5dfedccdd3081f189dab7a41e657205f4de81f174786
Score

1^/10
behavioral5 behavioral6
- Target
  
  华彩软件站.url
- Size
  
  183B
- MD5
  
  29ba6e0e2bee41dbdf6528d6bc7715af
- SHA1
  
  5f0f6e04816e59a951c3ea1b66840e7fa8bdfed4
- SHA256
  
  240a5b89292b51ddb63d8ddf7177dd14415e549caa2c8bb425eeaba1567d279c
- SHA512
  
  e2b868c9421c7aff6705a30a259e1b9d61412ccf6c55e94770673af2906e5231821c5f5532960b4cb0fff914cd586ce1a4ae8934bcd4b27a02da24457ce9cbcf
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bootkitpersistence

behavioral4

bootkitpersistence

behavioral5

behavioral6

behavioral7

behavioral8