1296fca72509b6a6cfb1fcf0371c853607ac4e4b8ee6fc25b36f0b2eb0a8853c

Sharing

Copy URL

Twitter E-mail

General

Target

1296fca72509b6a6cfb1fcf0371c853607ac4e4b8ee6fc25b36f0b2eb0a8853c
Size

7.4MB
Sample

221126-3kn6eadb64
MD5

4cf7c3db4335e8a323a9bb5b3488dd16
SHA1

b9db5b986a8caa2a46c0aa2094cf6bfd44751064
SHA256

1296fca72509b6a6cfb1fcf0371c853607ac4e4b8ee6fc25b36f0b2eb0a8853c
SHA512

0025c50dfa172e9c186469276b66fba0fa0d3f284626832fc1bd4bdba80dc4a7cac203af709dd3175afe040ebb190744b74fa51624ea1863cb2e50013cb46b2b
SSDEEP

98304:ijWO+8T7AkrHKNQ7u7Odq6OHYTr7FR942FERLAR2KuD7GxDORfCPXZKD7+DPEoZA:i5t+J7Od6Sr29llxXCsD7+oQOOpPV/pm

Score

9^/10

upx

Malware Config

Targets

- Target
  
  鑫财手机协议全能王/91vpn/91vpn.exe
- Size
  
  307KB
- MD5
  
  22f0d122185b6b0120bcf611e45cd6d8
- SHA1
  
  36c94eeebf1e792416cd6fef30115053dfb46d87
- SHA256
  
  a74887579686843b0c9cbd41ae6d1b2ad184c7e6a81d4b9efb2f1864c70f2ba1
- SHA512
  
  68a6ae62a801f5779431ff275ff5e7e9414875b94f4b9e6aa5937e470a90c4c20a19dba86cb3223326b13aeaf3c685000c43ab53b3d20371e2d5ddce6601935d
- SSDEEP
  
  6144:kzmKnGDcrNkB5HG9QYQM87p+CC4azquuq54t5XPgNgQAAitfGFOyCuXwL5ceeLe6:ihnXeLHJYQNi4a2uuq54t5XoNgQAAito
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  鑫财手机协议全能王/91vpn/appface.dll
- Size
  
  277KB
- MD5
  
  ca69f84b164dd69a96bef1b2761c7596
- SHA1
  
  81f352575d8056a8516b9cbb4f73b8c0c6730c28
- SHA256
  
  e6870e771feb8095b42f03349032cc08ca01948b6672ad307f7355232970e895
- SHA512
  
  f9ffc2ae28cb596f4c010ed860275c2ee2bdf96ac34ee2dd3b20bcf1c636d1f760ece74946c10eb41a031b61882a7eceaeac8b70e6a1d8ca03b02ebcaa38f857
- SSDEEP
  
  6144:FTa+ar8WYs/v9tS08ttqgGEp2zL6UQHNWgb5sZN4rZ2BYejlNTqFg91k:FaDxlx8hngH6UQH3CZNkI3O
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  鑫财手机协议全能王/91vpn/httpproxy.dll
- Size
  
  105KB
- MD5
  
  16848d947d10770269512554a0defb7d
- SHA1
  
  5299bc40a1944a34537904983af7b61ada6227c3
- SHA256
  
  41a8aca7eb8483243676f2473cd98de507d814fdd7db81653c0aee0a69cdaff9
- SHA512
  
  5bde5b62b30365ce14f94d7546ffa015f4c07435211078c5e8767886b1438e361763c09d3e9e05193117e3c5e57bda048eda211b5e36132139ac690b5eafefb8
- SSDEEP
  
  1536:e8/zU/fGxBhO05YAoEYH7Th4F9dxMbRSPkJsBTAALlkWtOnCEePRQyo:tzU/8hOOxce5+beBTAALJOnCEePCd
Score

7^/10
- Loads dropped DLL
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  鑫财手机协议全能王/91vpn/mfc100.dll
- Size
  
  4.1MB
- MD5
  
  07bccdcc337d393d7db0b2f8fe200b3f
- SHA1
  
  5a02b227cb0a22a8e7884cd138c3e8568d083d94
- SHA256
  
  bf38dda13b938b49a4df72b6477342373ee6e151be12c25cb0c17662fcb4bcd4
- SHA512
  
  e5637727a549cf7b88f13474097a71200f0dfa511ecd55c5a42e5f53e9f86ce8b7ce763448830fd073e232876f7537bad96f2ced8d3159558778460264d07639
- SSDEEP
  
  98304:BZP0PvxMJfTcXPSo0akd+BPSLC4IEy+XNy136jCfsqLhDIJJGN8mFLOAkGkzdnEe:BZP2iIE80qLrHFLOyomFHKnPAG
Score

1^/10
behavioral7 behavioral8
- Target
  
  鑫财手机协议全能王/91vpn/msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10
behavioral10 behavioral9
- Target
  
  鑫财手机协议全能王/91vpn/msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10
behavioral11 behavioral12
- Target
  
  鑫财手机协议全能王/91vpn/updater.exe
- Size
  
  75KB
- MD5
  
  1bf4e650ace71c93b6b768db6538fd5a
- SHA1
  
  9b4d3ccb7dc6db7167b00a9720b60f23c6237d7f
- SHA256
  
  3609ea382a9ea5fde45e9c7281a81e3706534a2a4db6bce068c03c07f9dee0b5
- SHA512
  
  c24882e9e131ab609f4f92d8824c444922d86c0b8cb5b71617bb4646c2abe59bf4030dff910dc0f38b7e7e559a37311512a762c08d47b77e4fc04643ef3e83d9
- SSDEEP
  
  768:Pf6DuCdfJSyQ8wXPGjH+9LE+31lwPfJHp4fgKIj6n9+6gOrGdzRleMM2DQvcZL+U:36qwS2y9LE+3DAHp4AVOS9eT2Dbqa
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  鑫财手机协议全能王/91vpn/vpnutil.dll
- Size
  
  750KB
- MD5
  
  2a85f60ed95582d66ebedeec374ea64e
- SHA1
  
  ad1b515b0b72e6d51563e89f40b23e62630c39de
- SHA256
  
  163399e825d23c9c019a9bd03a58328d365a5fc9f80af1e516ca7412de2c49e6
- SHA512
  
  cb2766a0bcd7f6979831f004e84b15df18ba33ad11d6ce20b6432845074e8249de72c906cd4900576831c21d09940b9e30b701db839b0aba299ff364d9e8b458
- SSDEEP
  
  12288:3ysfcCzYEjeYL89XikxFkPBs+OeO+OeNhBBhhBBdlrYj5cEwmco0LgUdj:lzYERL89XikxFkPnYj5zwmd0LgUdj
Score

7^/10
- Loads dropped DLL
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  鑫财手机协议全能王/91vpn/zh-CN.dll
- Size
  
  95KB
- MD5
  
  360099b5631b29ccbce6e22246ab835c
- SHA1
  
  cfce43a06fe9e36542d6dfb32a8971e9237810ab
- SHA256
  
  88374c312fd6a8ea243f7f684a75c55c988753880980e3aaed75f954176d57fc
- SHA512
  
  ac263c1b85a4ee482718ff5609e13ae789876c20d10e368b644925a84bcc1cc3e8692e929bc01ea2f7ca809663db8796155c1aa995848e2158691e50a7ea4ddc
- SSDEEP
  
  1536:vwsAytISshnAk5chO7eV4O/6rweqMLUiXMW4QZHI+7zzR6ieaqFD:nHWhnZ5ceeV4Q6rwJMLUiXMlQZHIOzzi
Score

1^/10
behavioral17 behavioral18
- Target
  
  鑫财手机协议全能王/UUWiseHelper.dll
- Size
  
  228KB
- MD5
  
  7c0415db33190179697196004e57d7c4
- SHA1
  
  08490854f84d7a8034a6945ff146d4862b15b5a7
- SHA256
  
  aa058b89e25c14072acfac4f9159b7d74b20955e3940088e1037d87ca90d9ec1
- SHA512
  
  dfd070b4ac5686510251be2564af7cc361246234808b0cb6537ea80e0d3717c061f90c0d4044c7e16d5d875def730ed0ed56ba3d4f7dd580dbdf9e7aab7dd1b7
- SSDEEP
  
  6144:e+moNhqzesvTmbGvZQZlRrBKvcWJPFOEy5ka0PiRX:EvpwbrBKvtPnyKqX
Score

7^/10
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral19 behavioral20
- Target
  
  鑫财手机协议全能王/ZMApi.dll
- Size
  
  292KB
- MD5
  
  147ec5c4a4c11c0427b159b7a27eb717
- SHA1
  
  35fa1f536040fbd39107611b0c0acf5a38faf04a
- SHA256
  
  440c9ae7acd9c0c46619dcde2fa9b08264cc6cd7f533d497f242948aa7957a7e
- SHA512
  
  f2274376ac4d763cda2d5e246483ffbd27adfa30eed2433f2a4fac55e3690b4ea3466e0ab7e9100af5a9afe16c6f889cc15e9a18ee3f0b1f9d15f1b4d75a429d
- SSDEEP
  
  6144:k3urm5Q7GqxLCTL1bixLVhUvvpvNajKcC:k3Em5Q74L1bYVmv+Kc
Score

1^/10
behavioral21 behavioral22
- Target
  
  鑫财手机协议全能王/dc.dll
- Size
  
  120KB
- MD5
  
  f803ad370a8649a143429f179af5f3ab
- SHA1
  
  9cc2a5abd97ac494318dc176484fe58518a3f93a
- SHA256
  
  890bb63027a57ceab075068400610007941f9d915fbefd473393514cf5e7874c
- SHA512
  
  b86be893441d835158642bbf955820298c592b80d2bf06fc3f503a645a1b25db85d9655a364ac271b0a4a3bb568054f4c6d54d930af7470dadc264195f48a825
- SSDEEP
  
  3072:uEyUyJubNTIuwYK7FzAOYfDftm4fy6sv8v9Kq1Aow5RVLV9uIIDcq1QQm07l+vdL:umkPkIV/7ntQm07
Score

8^/10
- Blocklisted process makes network request
behavioral23 behavioral24
- Target
  
  鑫财手机协议全能王/face.dll
- Size
  
  3KB
- MD5
  
  ae6eacbaa4bedd8bdb119d19c611eac8
- SHA1
  
  916d434f314005b7b68e9852c097a1b1771dd339
- SHA256
  
  aea9d96553a21c0c95b6586b103d8369809b213beb47db8c5847deb1d3eb240e
- SHA512
  
  6842aa2135cc100e287ebd42e049857795062e4027a23c7cdca66a84b9f0f75211a9966bb25390fd288bf72963c41b711789d59745ead9e6ccff449d8c7d05f0
Score

1^/10
behavioral25 behavioral26
- Target
  
  鑫财手机协议全能王/update.exe
- Size
  
  1.7MB
- MD5
  
  9cac857549f54ba77e04595a524829d7
- SHA1
  
  c3c97c29a311b1c65402b3303f16f174b84e4c4c
- SHA256
  
  28867e827caec329e1f40b870be0ff0fca315c9e89427816032749cfe083cb37
- SHA512
  
  8a42438b7d940c433a3a3597a319418b441e6d35b894c6f8180ca8022a7d162c3f3a87d4b0db090df490744adcbd295a40b4b7745414079d34cfedf501730339
- SSDEEP
  
  49152:LbtIYXqNjQUzBLEG5ArEOJ1Gd0rhS0P1E/x0:LbtIYIObEewKgcKu
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral27 behavioral28
- Target
  
  鑫财手机协议全能王/鑫财手机协议全能王.exe
- Size
  
  6.0MB
- MD5
  
  be542b725a6ff3c449ff3085c8b15851
- SHA1
  
  d6c9402e00062b01b47524e9fdd03a797c0c946e
- SHA256
  
  43a34a2b39f146348fd47c6ff3b5229dd893f0438d1d3319161768410af6c8ee
- SHA512
  
  76a4617bede32e90f4cc516ed6c4e45081ea5b8c88136cff59741c0e48e9fea4084b099cb4252eb7ade346b3a54d8f1539c26a4bfc02fb6cef3c94592cdb5b05
- SSDEEP
  
  98304:yneQooD7VL5Ux1cJBAUZL/L4tUvTkfqLdRx9yRmsexACmgYIfzXc:yneQX1o1cJVTL4tUvgfqZYosUnnzM
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral29 behavioral30

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Loads dropped DLL

UPX packed file

Loads dropped DLL

Drops file in System32 directory

UPX packed file

Loads dropped DLL

Drops file in System32 directory

Unexpected DNS network traffic destination

Blocklisted process makes network request

Suspicious use of NtSetInformationThreadHideFromDebugger

UPX packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30