Overview

overview

9

Static

static

9

928免杀�...ad.dll

windows7-x64

1

928免杀�...ad.dll

windows10-2004-x64

1

928免杀�...pc.dll

windows7-x64

1

928免杀�...pc.dll

windows10-2004-x64

1

928免杀�...ew.dll

windows7-x64

1

928免杀�...ew.dll

windows10-2004-x64

1

928免杀�...er.exe

windows7-x64

8

928免杀�...er.exe

windows10-2004-x64

8

928免杀�...EL.dll

windows7-x64

8

928免杀�...EL.dll

windows10-2004-x64

8

928免杀�...bj.dll

windows7-x64

1

928免杀�...bj.dll

windows10-2004-x64

1

928免杀�...p1.dll

windows7-x64

3

928免杀�...p1.dll

windows10-2004-x64

3

928免杀�...PI.dll

windows7-x64

1

928免杀�...PI.dll

windows10-2004-x64

1

928免杀�...xt.dll

windows7-x64

1

928免杀�...xt.dll

windows10-2004-x64

1

928免杀�...t2.dll

windows7-x64

1

928免杀�...t2.dll

windows10-2004-x64

1

928免杀�...et.dll

windows7-x64

1

928免杀�...et.dll

windows10-2004-x64

1

928免杀�...ln.dll

windows7-x64

1

928免杀�...ln.dll

windows10-2004-x64

1

928免杀�...ll.dll

windows7-x64

1

928免杀�...ll.dll

windows10-2004-x64

1

928免杀�...ck.dll

windows7-x64

1

928免杀�...ck.dll

windows10-2004-x64

1

928免杀�...ec.dll

windows7-x64

1

928免杀�...ec.dll

windows10-2004-x64

1

928免杀�...��.exe

windows7-x64

1

928免杀�...��.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    08ccc4452d1dee6da9362d6e0a91a0ee02842a1bddb679d2cb3c267cb8a4860f

  • Size

    1.9MB

  • Sample

    221126-k3s8zafg99

  • MD5

    569a902b9a0ec90f42b852357ae0156f

  • SHA1

    abb3fd3370b4c8d9825aad602e1dd21c5c2356b4

  • SHA256

    08ccc4452d1dee6da9362d6e0a91a0ee02842a1bddb679d2cb3c267cb8a4860f

  • SHA512

    1219ac8676bbad7574a0e733a9463a022008262757691b99d4f4476282519c94be6c7e11c3c616a0d4ba106e6b7cdd00b55557b98815bd6bfae5305d429c875e

  • SSDEEP

    49152:MuXKj7vYnxUcGJy0i+6QnNA7UCnbgtK6PtTdZPH1:lKj7gnydy0NABbOhvV

Score
9/10
persistenceupx

Malware Config

Targets

    • Target

      928免杀远控/EThread.fne

    • Size

      60KB

    • MD5

      206396257b97bd275a90ce6c2c0c37fd

    • SHA1

      3cae4506a033cf7e97156d5261f2a247c6270f42

    • SHA256

      64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c

    • SHA512

      4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455

    • SSDEEP

      768:r3gWNW3gyVNWTmOPMJcyS6K7viaViB9V5yHQ6Fq4oCaJa2OJK:TXkSTmOP0Cbu2BboCaKJK

    Score
    1/10
    behavioral1behavioral2

    • Target

      928免杀远控/Exmlrpc.fne

    • Size

      92KB

    • MD5

      2c9211cd380016db2f943ac96e6c8915

    • SHA1

      95c75052feab202eaa402ca520bf968c9438f6c3

    • SHA256

      3fbbb93599c220dbf6b37138f01eb64de6412e462be520eae1cf173b7d211338

    • SHA512

      4aa15dbfe86a6f26a6e74959258322528e32eb32ff010f2fdaa75c5b138be40c34456ab9527ede8fe3b8adfacf7a2d8c1a690cb1095ab935ad1a61ff3be41992

    • SSDEEP

      1536:aXdod+ZuPAQYWiTuPUavgf3UwsoMWX6Sn6St3wE:aXdoauPAEB3vgf3UwsoMWX6Sn6St3w

    Score
    1/10
    behavioral3behavioral4

    • Target

      928免杀远控/HtmlView.fne

    • Size

      224KB

    • MD5

      2c0b196cb4b98677c77aa810e7f1f072

    • SHA1

      b8ba545ebb7b55c7371cd7c18d78dfebbba33866

    • SHA256

      8d32a07500380f9b900134fecf01068d025f7b7b27c998066a321710db5a5f0d

    • SHA512

      39713b827cae220ae1d2f6b968bb689f72e583f1f5024260f54744c332ca99ed5a9508bcea6c143df31faa5a362e40fc5e7d2215a5c7f6c095c3951662a9b76f

    • SSDEEP

      3072:fz31EsnwzDXnva3uSoSNLIUCUbaAXZAlXpgoPNr3C2jo+xPsXC:X+nvaToaCsv6XtNh

    Score
    1/10
    behavioral5behavioral6

    • Target

      928免杀远控/Server.dat

    • Size

      932KB

    • MD5

      ec09d55e2054d289f1aa138382c83f4a

    • SHA1

      c8e01f6036deededf8c52d1b600b307b0829c81a

    • SHA256

      18e8ffc586d4922185406bb0a64612c2128de50b76786729145b5a774c00b5c2

    • SHA512

      aba623c1a41445e197cde6eff18f17838b8a1d6e8488ca4264a9f9f9f8bdd07e1ccf5d0ed809354a0dc7ece79dee3c9fda48ec9ebd8fdc0204b4ab502795e2ec

    • SSDEEP

      12288:M/sJFtFjMkihXnREUMJAIOoHuRBg3OLtjUWFIOpftASG9tRquNLe1J0MC1Y:M/gtlMkiXREzJTOF+NOxtA9tRNLe1e3Y

    Score
    8/10
    persistence
    behavioral7behavioral8

    • Target

      928免杀远控/SkinH_EL.dll

    • Size

      86KB

    • MD5

      147127382e001f495d1842ee7a9e7912

    • SHA1

      92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    • SHA256

      edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    • SHA512

      97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    • SSDEEP

      1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK

    Score
    8/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral10behavioral9

    • Target

      928免杀远控/commobj.fne

    • Size

      112KB

    • MD5

      2b86ad8cd1903916ae5a3cd7ec2f1b9e

    • SHA1

      0240b4f0795ed3bf24748954fee6751901f26f2c

    • SHA256

      590c9ba4cad5a401c071f89f8468c45031a637f1c137ca320d9dbe82e4beabd6

    • SHA512

      517656179b727928d875f0ead1e986d8ad19711ec332143fdbc7684d1fd75ac728fa5495f89e4914dbaf2722a584cd6c33c1c9b406cd22f052cec94b7eb2395c

    • SSDEEP

      1536:2ZfD10oHdhZJPaRTmvmT10JDoHB/zjeDJGuPu8oiv2hC:mXhfAaP6/9uW8oivU

    Score
    1/10
    behavioral11behavioral12

    • Target

      928免杀远控/dp1.fne

    • Size

      128KB

    • MD5

      07201b1fd5f8925dd49a4556ac3b5bab

    • SHA1

      a76afbb44376912f823f2b461507c28d2585a96c

    • SHA256

      abebbb0981d3d51eb63abcfa68be98da0cae4e6e3b143dd431fc845d1457dbd2

    • SHA512

      0cf673ce1b6cad38f0211231e876f00f6a8397a5f3e71680046f4a216bbe0f47f4541e5f5b49364310e41a04cce14703459725c3d9f052f9da13624e73753e12

    • SSDEEP

      1536:tiDSn+hfeTpCwAncpZ6Z8HTiQjl1sYiKG3oe/:UDTReTgwAcp9lqKG3o

    Score
    3/10
    behavioral13behavioral14

    • Target

      928免杀远控/eAPI.fne

    • Size

      320KB

    • MD5

      8a8dfdd6ef9f17e5caba3d2fd9995805

    • SHA1

      8eb39efd8e1cd127ec0a32ae6118704c87367e97

    • SHA256

      6ec377e848c7254cc22b1a8e5eb1599bc31805b1fcfda1a2cc5999f6b28ea839

    • SHA512

      3998832d2732d82e3559395029cd8bbde70d090def133e96b401d409bae2c2477fac229a12a04e795e4ea0ee0de11688ff6dea65c3372b0f90e43cb170291946

    • SSDEEP

      3072:rU0swaxu1SrlTvpSuKsZZA+CaHgepAPAdh+SmTsc05nJhonAfVMQDjwQ+9JsOyOK:rUHwakEr9p+AbCQpAIdh6mVMewQ+LIa

    Score
    1/10
    behavioral15behavioral16

    • Target

      928免杀远控/iext.fnr

    • Size

      216KB

    • MD5

      3f1b2b497172b65f7bb15453d0d93de0

    • SHA1

      e24556e47ced0b6ae6b89a5e280b83e15ed42e8a

    • SHA256

      4f9ad22aa55455f56619e76a01afeb337e1f28f61c7dde5869eb2a6d8776581e

    • SHA512

      8837e6108ffde548674487c5ebba3e3dbee8bfafa5727470d3ebaeec039baefc6dc3d756a199f4fb334754985288f0a5577b32eb41fbd69295fc9681354cd3f2

    • SSDEEP

      3072:Mn8on8DDXsrbOfcrhoqJJeSld1oLLPCa/p9Z/oUHhRO6fVo:Ogcmqmud1oVldRp

    Score
    1/10
    behavioral17behavioral18

    • Target

      928免杀远控/iext2.fne

    • Size

      492KB

    • MD5

      dba5fdbe7ec94463b3f6fdf2162c9f95

    • SHA1

      a97137b4f2b77166b2a23da1f58e0bdb7365f4f2

    • SHA256

      a8b14f31098a191631696db5ddc77e029b48999542e0ec15b63df02220c66d37

    • SHA512

      325439bb5fe0e18e08cd547e9e9d505aa5b1ee51a436cb155254cfb04d318679e7a016cc2e72ffaba49bed20e15e85b26fd2a22e726e211650317218dde53ba6

    • SSDEEP

      6144:0ujp9xZF+ES6jisyHOzC8QxEksWINE1DfYmgykSjsUgZ43KyEBuXwKF:VZFX5zC8XkBIm1DfYml7otm3YBu

    Score
    1/10
    behavioral19behavioral20

    • Target

      928免杀远控/internet.fne

    • Size

      188KB

    • MD5

      7b129c5916896c845752f93b9635fc4c

    • SHA1

      e3fc632af5e1f36e8022e651f64eb8f8381c73c3

    • SHA256

      adc45970f4a0eafd2f372302f64836802380c253096a99ca964677a70a7128f8

    • SHA512

      c72dd4043e7cdc0ccefe26ce8a6d05701b4c610f88ab827e6731296da76b8cbe5b63c0970954ec7616369172b8b8f9cb546545271be3e86c18c54d0b9cad8f95

    • SSDEEP

      3072:mpTEys+TR7yRoHzXjlhvtcxVIThpEbbAKNXoqlSY9M02MF8:mpTEt+ycLHlCIThpEX9+XM

    Score
    1/10
    behavioral21behavioral22

    • Target

      928免杀远控/krnln.fnr

    • Size

      1.0MB

    • MD5

      44e2ca67c060fbe3dc0d030149f5a478

    • SHA1

      5df61eb626bc3849893701942114609c1086d496

    • SHA256

      6ced19283dbbb95f264448f380592f4e98ba8228efca2f68821ab3ae61029d93

    • SHA512

      1a348c7585d78dd68c1d0e059ea1d7cea57c1aeff734f834f75025719b9fdd0e9bb16aebe75e15502a1b83106387eaa9493b8990999e0a68b62c1afdbc8cf45e

    • SSDEEP

      12288:rb0+sqCE6yy4bmhSd+1YCHYFZzktq0TNSARuOrRUVbNGvNXXYA/2b:AjE6+bhiHYF5kZI6uOrRUjYNXXYA/

    Score
    1/10
    behavioral23behavioral24

    • Target

      928免杀远控/shell.fne

    • Size

      60KB

    • MD5

      98174c8c2995000efbda01e1b86a1d4d

    • SHA1

      7e71a5a029a203e4ab0afc68eee18c39f4ab4097

    • SHA256

      90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

    • SHA512

      a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

    • SSDEEP

      768:eeZWaAKT41c1IYc8HBbrYNYVw2Fj9oNIqF42eofVU:eBKT4fkrymV7oNIqC8f6

    Score
    1/10
    behavioral25behavioral26

    • Target

      928免杀远控/sock.fne

    • Size

      60KB

    • MD5

      698bd942f9334e0ab5d0c7002b13ed70

    • SHA1

      58eb04593c14ccb0c3f703b35710faf05711465c

    • SHA256

      9578922e34dfc8f3298e67dcaa5075d870dfdc4ef958985d5fc0e5e6b3849aa9

    • SHA512

      e0c78360c55c31ec139e7a0d8b44e3702dc721c1ea66c9e5deb9fde2bd4122ba10012b67d0d614ecc665a68d9ceb0d8fc79d279f41e7390ef3fe2495901b7740

    • SSDEEP

      768:Wo7bG/hX9OdejL8BK0BofPT/bz7IjG/OqhhItJ22uk8ao00O:C/hXIcjL8xufPT/bz5/OqMIYo0

    Score
    1/10
    behavioral27behavioral28

    • Target

      928免杀远控/spec.fne

    • Size

      88KB

    • MD5

      51d7be0ca4431fec32d0ba0978cb2cae

    • SHA1

      1aa65ca721bd881b615b16602f6bc7cc4c7d74d8

    • SHA256

      1e4d44d3a865a766517057c199eda71e005e56c13fce2c4137b66d185a416986

    • SHA512

      5cf2214bc60dde261f44aa339ba1943f5c9b70337a11d064185224b3dcfc705e55386c95de280b6d05c4b60a318abbfa3d5728724c28dfc009d57c3bbfd76ef5

    • SSDEEP

      1536:DcrPILJRJT/DpWc6hVoabwhfoeW7JsVRj0:QrMW1ojfolax0

    Score
    1/10
    behavioral29behavioral30

    • Target

      928免杀远控/主程序.exe

    • Size

      1.2MB

    • MD5

      fee2e539c2eb60107dd6733658d6304a

    • SHA1

      b8cfc066b6c3afcbda685e91a1824b96e9c296ee

    • SHA256

      6c37ceacde56c36b76be874f0e2a4e710051593a6cc3963dcb51ea4849695aa7

    • SHA512

      49e15fd6360790d7991426d97907d1b865bf2f6c1e6e03eabfb82f3cfdfacb0e63706ac1bc69c2afd233f9c8f6e66a801849aaf8f9bcca87467d62d6f4f87c39

    • SSDEEP

      24576:1TZaqdiXSp0c02uFG6dAk3CMHkd4Yi7p/J:1TZaqdwk0c05HGiHkO

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

upx
Score
9/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

persistence
Score
8/10

behavioral8

persistence
Score
8/10

behavioral9

upx
Score
8/10

behavioral10

upx
Score
8/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10