f6763ffbb4146148c31112f49f31bc335970242f405c7120e71eea0afbb70b61 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

Baidu_Com_...70.exe

windows7-x64

7

Baidu_Com_...70.exe

windows10-2004-x64

7

ӛ-1...��.exe

windows7-x64

8

ӛ-1...��.exe

windows10-2004-x64

8

�...��.url

windows7-x64

1

�...��.url

windows10-2004-x64

1

Sharing

General

Target

f6763ffbb4146148c31112f49f31bc335970242f405c7120e71eea0afbb70b61
Size

3.1MB
Sample

221126-ed4erade4y
MD5

ccc8fc973c24c610f03d880a82a56bfa
SHA1

0869eb3e254e7ab94e9cae7aed08259734dbe748
SHA256

f6763ffbb4146148c31112f49f31bc335970242f405c7120e71eea0afbb70b61
SHA512

47e8c9f013a05870dcc83bc0fab41bdac9999cfa7b8256c6a5b1e409b63feaa484fcf48997a8e8136b0f6b49c49195417386c835972d582c7a5d0a8baef09a4e
SSDEEP

98304:HW+P5j01IO0ocImzyoAK9A0kwYOc27C1CdQ7:TP5jhznz9poKi

Score

8^/10

bootkit persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Baidu_Com_90000170.exe

Resource

win7-20220901-en

bootkit persistence

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Baidu_Com_90000170.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

ӛ-14.9.26.1.exe

Resource

win7-20220901-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

ӛ-14.9.26.1.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

QQ.url

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

QQ.url

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  Baidu_Com_90000170.exe
- Size
  
  1.4MB
- MD5
  
  f34e66fb58d8cace441e9a6fdd9998aa
- SHA1
  
  4b719111844a8788ede32bfd0a93ee0ce1e7410f
- SHA256
  
  53e01b61ccf9868ab79aad471e84226b2090f8cba87fa0ec0fb487755e8c19d4
- SHA512
  
  4d4072ce78398252ae03591bf886ae8602c49dfc8dc33b31de279bde402714c2a91d38c2ec984077a9b67e4610ec9dea213dc02d381382721c2ea42ae6dc9ab0
- SSDEEP
  
  24576:+CgIYG5yhyeFZGi9LEoXjpANX4JzOi30lZl8nNyUcyqWWaDwKbTI1yQEKo9gt6K:tYWyhyeF0i9LEoXjMI07+cybWeY1yQE6
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  ӛ-14.9.26.1.exe
- Size
  
  1.8MB
- MD5
  
  55b9bb60c5b627b87f37cf89893d6412
- SHA1
  
  48c004c4f5ca9d22a0c69a22884ce6d9fdb486e5
- SHA256
  
  a03e2529a1b1e714c59ae4467b557140123c6631d8abad89c3eec6f9a4689506
- SHA512
  
  7a6de61cee3b2fa8526af15fd3acf985c1674a9dcac45f43d57fece3e59be6c2e04f7ca4d19d00bf4a2c30750bec37fd0c3d68ee8fef1385ebcf37adb8f70b2f
- SSDEEP
  
  49152:tjKs2rPHwcwUNaBeeSzn610EfuFfMxwg:4s2rPjUTS20V0w
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral3 behavioral4
- Target
  
  QQ.url
- Size
  
  126B
- MD5
  
  9f36733525857a875b9aa9b0dc78da08
- SHA1
  
  9b7bf725cc7a90bf159ad1958b043adb16e36a9e
- SHA256
  
  97c3de62e4bf28be46b48a65a349d3ab190ebad5602b8c6e92230d0a1c432ad2
- SHA512
  
  72cb12cd8257add1e58d436f69c1f9d6cbfe515a172608943f30e46db376be5873a0ba6c58f81a269b6758419a4ea6b56cfd2dc40d86b4ffab47f0e90815ac85
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

© 2018-2024

Terms | Privacy