General

Target: cb03c01adab4acb7ac937795a033038bb9c0a353f00c6a2a873eeaa5cf88b12b
Size: 274KB
Sample: 221126-2qphpaed4t
MD5: e02d12c2b296bf454685395aaec470c0
SHA1: acc3a609459cc17d821930f053ac2213b477e3b2
SHA256: cb03c01adab4acb7ac937795a033038bb9c0a353f00c6a2a873eeaa5cf88b12b
SHA512: 16d1464f3535e85f60d472273a1ccc6c300e696cb95be4cedcf93bb4c572f2ad21b083250c98ec394f115e67870ce3eb077b0572ac07f1ae04d8e74bc9bef179
SSDEEP: 6144:W1HD722YkLe/1ToQyTWNF0RHlviBdrsLuTijMu9LtrPURo4PI:g3pE17qWvSlqjziwCLtr8I
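Before working from this report, confirm that the file on your disk is the same object the sandbox analysed. The script below is an added example, not part of the report or of any sandbox tooling: it recomputes MD5, SHA1, SHA256 and SHA512 with the standard library and compares them, case-insensitively, against the digests listed in the General section above. The same functions work for the extracted files in the Targets section if you paste their digests into the table; the file name `sample.bin` used on the command line is an assumption.

```python
"""Verify that a local copy of the submitted archive matches this report.

Added example, not part of the sandbox report. Recomputes all four
digests in one pass over the file and reports any that differ from the
values the report lists.
"""
import hashlib
import sys
from pathlib import Path

# Digest values copied from the General section of this report
# (the submitted 274KB archive). Extend with the Targets section's
# values to check extracted files the same way.
REPORT_DIGESTS = {
    "archive": {
        "md5": "e02d12c2b296bf454685395aaec470c0",
        "sha1": "acc3a609459cc17d821930f053ac2213b477e3b2",
        "sha256": "cb03c01adab4acb7ac937795a033038bb9c0a353f00c6a2a873eeaa5cf88b12b",
        "sha512": "16d1464f3535e85f60d472273a1ccc6c300e696cb95be4cedcf93bb4c572f2ad"
                  "21b083250c98ec394f115e67870ce3eb077b0572ac07f1ae04d8e74bc9bef179",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Return {algorithm: hexdigest} for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digests_of_stream(fh, chunk_size: int = 1 << 20) -> dict:
    """Feed a binary stream through all four hashers at once, so a large
    file is read from disk only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path) -> dict:
    with open(path, "rb") as fh:
        return digests_of_stream(fh)


def compare(actual: dict, expected: dict) -> dict:
    """Return {algorithm: (actual, expected)} for every digest that differs.
    Hex case is ignored because reports and tools disagree on casing."""
    return {
        name: (actual[name], expected[name])
        for name in expected
        if actual[name].lower() != expected[name].lower()
    }


def verify_file(path, which: str = "archive") -> dict:
    """Hash `path` and return the mismatches against the named report entry.
    An empty dict means every listed digest matched."""
    return compare(digests_of_file(path), REPORT_DIGESTS[which])


if __name__ == "__main__":
    # Assumed usage: python verify.py sample.bin [archive]
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "sample.bin")
    which = sys.argv[2] if len(sys.argv) > 2 else "archive"
    mismatches = verify_file(target, which)
    for name, (got, want) in mismatches.items():
        print(f"{name}: got {got}, report says {want}")
    if mismatches:
        sys.exit(1)
    print(f"{target} matches the report's '{which}' digests")
```

A single mismatching digest is enough to say you are not holding the analysed file; four matching digests, including SHA512, rule out the trivial collision cases for MD5 and SHA1.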
Behavioral tasks

behavioral1: Usp10.dll on win7-20221111-en
behavioral2: Usp10.dll on win10v2004-20221111-en
behavioral3: qqmsgsee.exe on win7-20220901-en
behavioral4: qqmsgsee.exe on win10v2004-20220812-en
behavioral5: 使用必读.url on win7-20220901-en
behavioral6: 使用必读.url on win10v2004-20220901-en
behavioral7: 华彩软件站.url on win7-20221111-en
behavioral8: 华彩软件站.url on win10v2004-20221111-en
Malware Config

Targets

Target: Usp10.dll
Size: 88KB
MD5: 28d0bdf6fa32d1988d9cdbf36f1348ee
SHA1: d7b11d199ac0449c179af499bfc9ed3be5eb8eba
SHA256: e79f6892804c7e18e827416389931b12061b2d1b568944d19c1175d6d3d9e7b4
SHA512: fac7e4cd5b4679661486b22135ff5e8877fe4371c2c37bae2f77b31bdf799e9f89a249e51fc75dffd751bb762f9ca59acb10c436decfb5e4f2b5adcc4451ba0a
SSDEEP: 1536:68No8xdIQi/qBAzCvbO6qU7SqAkx/PB60d7QCQcljUhJ8LDiJOfKaNVtBDVPR2oH:6/8Hi/qi5xOnxxd79Q4juGAOSk/ZVPRT
Score: 1/10

Note: the low score covers this DLL run on its own. Usp10.dll shares its name with the Windows Uniscribe library, and an executable's own directory is searched before System32, so a copy shipped next to qqmsgsee.exe can be loaded in place of the system one; the "Loads dropped DLL" signature on that executable below is consistent with this, but the report does not confirm which module was loaded.
Target: qqmsgsee.exe
Size: 232KB
MD5: d7d5a8136962ee21e14fa33f127064da
SHA1: f97737161502842fa07add7b89be3b34271df3c3
SHA256: 2045a435826ab52f8f80b9d1de96c6be728971cbdc2dd601864d358a6977c92f
SHA512: da0cade98fae9ef332ebec7b51b513b73402da1e4ed5ba3b1d7078caa957d9bf66da3ca9e865e54102aed546f5948ffad8bae87c4abb19363df97f8d4eb26a2b
SSDEEP: 3072:AMdgD6dbNFko1ayFCpEZWCfEgl+D7t5VOcoF/7UbNVLPLcqcoMaUfdqMwuW0Gc3I:Jdge1NFVH0pwpMfN5V7bzooMkMwHc0U
Score: 8/10

Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, most likely to geofence execution to or away from particular countries.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system, so their code runs before Windows loads. A hit on this signature is a reason to image the first sector of the affected disk and compare it against a known-good copy rather than trusting in-OS tooling alone.
- Drops file in System32 directory
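The MBR signature above is the one finding here that a responder cannot confirm from process or file listings alone. The script below is an added example, not part of the sandbox report: it parses the classic 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries at offset 446, the 0x55AA signature at offset 510), checks the signature, decodes the partition table, and compares the boot-code region against a SHA256 baseline. On a live system the sector comes from `\\.\PhysicalDrive0` (Windows, administrator handle) or `dd if=/dev/sda bs=512 count=1` (Linux); the sector bytes and the "known-good" digest used here are constructed for the demonstration, and the replacement stub written by `run_demo` is hypothetical.

```python
"""Check a captured first sector (MBR) for boot-code tampering.

Added example, not part of the sandbox report. Parses the legacy MBR
layout and compares the boot code against a recorded baseline digest;
the partition table is decoded separately because a bootkit typically
leaves it intact so the system still boots.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0..445 hold the first-stage boot code
PARTITION_TABLE_OFFSET = 446    # four 16-byte entries follow the boot code
PARTITION_ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510
MBR_SIGNATURE = b"\x55\xaa"


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int      # e.g. 0x07 NTFS/exFAT, 0xEE protective MBR on GPT disks
    lba_start: int
    sectors: int


def parse_partition_table(sector: bytes) -> list:
    """Decode the four partition entries; empty entries (type 0) are skipped."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        raw = sector[off:off + PARTITION_ENTRY_SIZE]
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4 LE) sectors(4 LE)
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack("<B3sB3sII", raw)
        if ptype == 0:
            continue
        entries.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return entries


def boot_code_digest(sector: bytes) -> str:
    """SHA256 of the boot-code region only, excluding the partition table."""
    return hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest()


def check_mbr(sector: bytes, known_good_boot_code_sha256: str) -> dict:
    """Return a verdict: signature validity, decoded partitions, and whether
    the boot code still matches the baseline digest."""
    if len(sector) < MBR_SIZE:
        raise ValueError(f"need at least {MBR_SIZE} bytes, got {len(sector)}")
    signature_ok = sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] == MBR_SIGNATURE
    digest = boot_code_digest(sector)
    return {
        "signature_ok": signature_ok,
        "boot_code_sha256": digest,
        "boot_code_modified": digest != known_good_boot_code_sha256.lower(),
        "partitions": parse_partition_table(sector),
    }


def build_demo_mbr(boot_code: bytes) -> bytes:
    """Construct a 512-byte MBR with one bootable type-0x07 partition at LBA 2048.
    Sample data for the demonstration only, not a real disk image."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07,
                        b"\x00\x00\x00", 2048, 1_000_000)
    empty = b"\x00" * PARTITION_ENTRY_SIZE
    return code + entry + empty * 3 + MBR_SIGNATURE


# Constructed "clean" image and the digest you would record at baseline time.
GOOD_MBR = build_demo_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
GOOD_BOOT_CODE_SHA256 = boot_code_digest(GOOD_MBR)


def run_demo() -> dict:
    """Simulate a bootkit write: replace the start of the boot code with a
    hypothetical stub while leaving the partition table and signature alone."""
    tampered = bytearray(GOOD_MBR)
    stub = b"\xeb\x3c\x90BOOTKIT"
    tampered[:len(stub)] = stub
    return check_mbr(bytes(tampered), GOOD_BOOT_CODE_SHA256)


if __name__ == "__main__":
    clean = check_mbr(GOOD_MBR, GOOD_BOOT_CODE_SHA256)
    tampered = run_demo()
    print("clean image modified?   ", clean["boot_code_modified"])
    print("tampered image modified?", tampered["boot_code_modified"])
    print("partition table intact? ", tampered["partitions"] == clean["partitions"])
```

The baseline digest should be taken from a trusted image of the same machine (or from the Windows boot code a known-clean install writes), not from the disk after the alert; on GPT disks the first sector is a protective MBR with a single 0xEE entry, and the boot-code comparison still applies to it.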
Target: 使用必读.url ("read this before use" internet shortcut)
Size: 170B
MD5: 56a7e2bab575e50bf341b9354c4f20f8
SHA1: 7755a3f06f509b6c28d4704224ccb61244608f5f
SHA256: bd790caa5eac8bcc9931ced0056dba0f8c6425fd0caf012af1d54e4b9f141277
SHA512: 3aa99582f9511430b8896f656eb0ab24df9cb675619b93c85f9941a5fa96b2ba0ce6023b8ed7b81fc47f5dfedccdd3081f189dab7a41e657205f4de81f174786
Score: 1/10

Target: 华彩软件站.url ("Huacai software site" internet shortcut)
Size: 183B
MD5: 29ba6e0e2bee41dbdf6528d6bc7715af
SHA1: 5f0f6e04816e59a951c3ea1b66840e7fa8bdfed4
SHA256: 240a5b89292b51ddb63d8ddf7177dd14415e549caa2c8bb425eeaba1567d279c
SHA512: e2b868c9421c7aff6705a30a259e1b9d61412ccf6c55e94770673af2906e5231821c5f5532960b4cb0fff914cd586ce1a4ae8934bcd4b27a02da24457ce9cbcf
Score: 1/10