Overview

overview

9

Static

static

9

大飞破�...EL.dll

windows7-x64

8

大飞破�...EL.dll

windows10-2004-x64

8

大飞破�...��.exe

windows7-x64

1

大飞破�...��.exe

windows10-2004-x64

1

大飞破�...��.exe

windows7-x64

8

大飞破�...��.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6afbd251b227c166e1b6c02e002fa8e23084a46367270a25b9460896da28eba7

  • Size

    6.2MB

  • Sample

    221126-hybf9abb22

  • MD5

    89f4e08b274b0f4a8721e897abc1269a

  • SHA1

    e3b976977e697aead6487dd89a13d4700813e758

  • SHA256

    6afbd251b227c166e1b6c02e002fa8e23084a46367270a25b9460896da28eba7

  • SHA512

    fca5cbc9a88976c4b214e341dd459456e7b653304f28f9a0a4c6fd6f04a217cee3de598e32962b4ea69b0198b5ad544e06f3450d8f7cc93d1f92edb75ae5f12d

  • SSDEEP

    196608:BWYKioDG1mHUP4Oi8Mv6CxLMUlYPWMUQjUIRR:BWYqG1mHUi8MyS3NBo

Score
9/10
evasionupxvmprotect

Malware Config

Targets

    • Target

      大飞破解版/SkinH_EL.dll

    • Size

      86KB

    • MD5

      147127382e001f495d1842ee7a9e7912

    • SHA1

      92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    • SHA256

      edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    • SHA512

      97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    • SSDEEP

      1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK

    Score
    8/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      大飞破解版/一键启动.exe

    • Size

      3.9MB

    • MD5

      6f5d22c868cb66606b78926f3d0969b1

    • SHA1

      1457dea770fa3038f76a8d161582f0ff29c7be0e

    • SHA256

      67a8097b6b2754334e667d69e381e79f4cab5a25cd708679c58bcd50754f8de2

    • SHA512

      6c4aad38b3cdc3741fd8e18828b90156ee1f65e9fa59d679bc84d84020d0bcf0001bc6daf413dff65272f5ca3372b024bb5945a6c2f8929a9c98f9fcba04ab29

    • SSDEEP

      98304:NBVZB/g2p6FYskEhipqdwkLQHHhsSYt8d7+94qoa+N/:336+skCfsKSOo+93G

    Score
    1/10
    behavioral3behavioral4

    • Target

      大飞破解版/大飞视距.exe

    • Size

      3.8MB

    • MD5

      57c10b764a04c7becd89b8159f5fa88a

    • SHA1

      84cfd16944399f66550ab8f7e958146903e455ef

    • SHA256

      4536efcc9382cd4498470c36f16267882d4173e58dfa4cfee880e198e7d8d8c6

    • SHA512

      abee86b8b4d83bbbaa953caba2f8bd556ba4c41748079623cd4933c9662589d62244b80872234c04b4e6745b4bb77a0e9638fbc001eeaee0341050ed82ff1915

    • SSDEEP

      98304:eBVZB/g2p6FYskEhipqdwkLQHHhsSYt8d7+94qoa+N0:Q36+skCfsKSOo+93H

    Score
    8/10
    evasionupxvmprotect

    • Disables RegEdit via registry modification

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks