Overview

overview

8

Static

static

8

急速辅�...��.url

windows7-x64

1

急速辅�...��.url

windows10-2004-x64

1

�....1.exe

windows7-x64

1

�....1.exe

windows10-2004-x64

1

�...��.url

windows7-x64

1

�...��.url

windows10-2004-x64

1

�...�1.exe

windows7-x64

8

�...�1.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    392710b1f8cb1e516ac715204ca7e3bcc1360c94fd80d2fd6bbd775e6ebdd1d9

  • Size

    14.6MB

  • Sample

    221126-g5gfeacb3t

  • MD5

    6309b84900e5a94a7c11719b25fbe5b0

  • SHA1

    f60788a5a2895f2382e76a38deaefda55afef235

  • SHA256

    392710b1f8cb1e516ac715204ca7e3bcc1360c94fd80d2fd6bbd775e6ebdd1d9

  • SHA512

    4ef679dc914fee9aec4e66bff4a0a74da764715f8f6f638c8bad0ff7f01ead6f2380902b589ec1b04269ee214d25bb6683dd73edd9c3e092956f7c256830c09a

  • SSDEEP

    393216:uvXljcdMz1My6y4vGkT243D5ZA7MHlTCW6vZiULv:+Jc0c+kT2UMgHgzvxT

Score
8/10
upxvmprotect

Malware Config

Targets

    • Target

      急速辅助免费版0112/数码资源网.url

    • Size

      244B

    • MD5

      305983ae6219bf10d517e168b3ebe5ea

    • SHA1

      b30177e0d7aa2c46843fa9c728c8a9319f34c6a1

    • SHA256

      a4a66ca6e527f6b5a344ec48235b21666f44d19f710ea5d75332e6a4263d027f

    • SHA512

      def75af02cb32b05d19cea6ac978941f93b659fc23a3d8ea29f60874c6875a08274403c125452bd14fc2e878e193eecca70b83f19c22881e3f9a8ab4f6afcb28

    Score
    1/10
    behavioral1behavioral2

    • Target

      ٸѰ0112/ǰ2.1-0110/ǰ2.1.exe

    • Size

      3.2MB

    • MD5

      1ee9bbaacea078f1c3bfebb96bed43fa

    • SHA1

      542986ab482678159e749e649397ebee75d9849d

    • SHA256

      73905818632d3435b443b124df679462d416c36c2725184dd2cd8d9886d1468d

    • SHA512

      b7706c7246ca20ad33b495edfd66b11883840626881c85ecb8e0c3db69db8c820b53084314dba8553345efe71c91a4f6c6b73256b48912b8ff08a9da0cb847d8

    • SSDEEP

      98304:zhHk2amE0WVAmx3uQ9y9OgdlZIITXgY4eMmIWv:9HkRmK3xwDXSmFv

    Score
    1/10
    behavioral3behavioral4

    • Target

      ٸѰ0112/ǰ2.1-0110/ǰٷվ.url

    • Size

      397B

    • MD5

      eb50c29b1ee71bebad088e474ecc8629

    • SHA1

      e363416b442fc0ac20323b7c2ecaf745feeb599f

    • SHA256

      75c1e6a00b23bfc682b548aaaf4b254cb50fdff93dc604a10a32a55c8eb64a3c

    • SHA512

      5aa9a37e819b3968d37e9e86bb454dc702c3ae90738680da78f9f0055144aaa29cc7f33d2357c3cadf33e45df76f342b0ffa8c1d3cb056f59797fddd34cf2bfb

    Score
    1/10
    behavioral5behavioral6

    • Target

      ٸѰ0112/Ѱ0112˺test123456/˺test123456ҹرɱ󱨣.exe

    • Size

      10.2MB

    • MD5

      92b29237e0ca168038266764b4654bdd

    • SHA1

      fe741a54221ee54aab09856304f862296d6a7a5f

    • SHA256

      a370d1c0dc04d8fab6ccaac46a873a0e730ddcd65e095b1459254cdce540f803

    • SHA512

      ac52eba4cdfff4969833e4f86348964e1c04e67ed2d31953056d26c02025ed12ca2870146fff2b5c43fefe4fa4c5ad0f968c8297bb56bb99c1dad95377796e04

    • SSDEEP

      196608:TohssNIte1cmk+n85NGp1I0xTL5oLVD/:TA3cmkxNGpK0QF

    Score
    8/10
    upxvmprotect

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks