Overview

overview

8

Static

static

8

jiejsgsbfz....3.exe

windows7-x64

8

jiejsgsbfz....3.exe

windows10-2004-x64

8

使用必读.url

windows7-x64

1

使用必读.url

windows10-2004-x64

1

流行软�...��.url

windows7-x64

1

流行软�...��.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01b1bfef41847d3630c62b2a35e45609bd4dc2046e908c1132a88226e1d9687b

  • Size

    7.2MB

  • Sample

    221126-fqsdpagg7t

  • MD5

    0e91e09cacc835c4742b655b4beb554b

  • SHA1

    374c42fad612dd1f2c7a28d1fdf5115017115a64

  • SHA256

    01b1bfef41847d3630c62b2a35e45609bd4dc2046e908c1132a88226e1d9687b

  • SHA512

    39e143a61f89309ba8cf0aff9abdf64857cae5fba736894bdd3bd2829d36991b6fb71fd4da7f27cb810af8464efccd6af25a40e2370bcc23a3880d8b1373f68d

  • SSDEEP

    196608:fT5GnM+rgGGQDLYq2ZgpSyipgskDLgqOX6J0yVGWrgXxbJ8XY6:firpG8kxqonkLgh6GyQpBEl

Score
8/10
bootkitpersistenceupxvmprotect

Malware Config

Targets

    • Target

      jiejsgsbfz/神兵3.3.exe

    • Size

      7.3MB

    • MD5

      0a9b93408c5ba5cdb529ff5e6e675c57

    • SHA1

      0fcf6325045048deeb16c866b4ca5a40283f9c6c

    • SHA256

      121c13e79b29689025903d57eb0806f91b3f215ead187f8bd470b26d1061a59c

    • SHA512

      0f73dabb41e6333bfa547568c8622b5f15772fd6d52fa174cd4da4d42ef5db61e691629e7ee987d14d54d4b915f8af204a4aa63855651ecf44881681417d18ab

    • SSDEEP

      196608:siE8Hm2ZWmzmhy8Cnlgyl6oa5iPisdqGfzXj:oUm5amIznV054iIfz

    Score
    8/10
    bootkitpersistenceupxvmprotect

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      使用必读.url

    • Size

      239B

    • MD5

      3eccdaccf3350a93d110576d5d1b86da

    • SHA1

      c077ec6af992d6d788b9046369a9df5fb859eb89

    • SHA256

      d3d92f35219a782f12bea23e212d7cee7a99797f46c781b6102885effece5635

    • SHA512

      44f4508c9b324c10e2af16c8f88b9b3063d47b6efc5dbb36483063a261a20f874c4864e0491ff68db067cdc00e2ab005b4d9b41e83d76af1cc47a46d290e7840

    Score
    1/10
    behavioral3behavioral4

    • Target

      流行软件园-绿色软件下载站,绿色软件免费下载联盟.url

    • Size

      150B

    • MD5

      59367da07a1b7d645b7ff45a54bd6d2d

    • SHA1

      adbdced9daa920d17ae50b89654991e8dd499a68

    • SHA256

      f45f340e20eea5797a9534deb0941f40faa73dbf82bd567c0a3c2b1a254e33b1

    • SHA512

      2537538a425f4aa4e45168e6314d9b9b43da9f666b986864cf5963b0a694f67925f9277bc73a5b75b2b51338443b9359fe826019b671372b834d76f703e1d152

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks