Overview

overview

9

Static

static

科威软件园.url

windows7-x64

1

科威软件园.url

windows10-2004-x64

1

�....1.exe

windows7-x64

9

�....1.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21d069763107c2849dbb77fdbad2ba868c16710979537b47ad2257d85912f500

  • Size

    4.3MB

  • Sample

    221126-t2ajxabg7w

  • MD5

    9b495df43fa9834788aae66b1300cd72

  • SHA1

    1b516830b4fdd51ec69cc0cb17fb06f7a736ed8a

  • SHA256

    21d069763107c2849dbb77fdbad2ba868c16710979537b47ad2257d85912f500

  • SHA512

    00d0640be478c19ebf8f753651b6ed800d1c4e12b8b629d09dc65fb9bd1726f63b71efe4988f2cf82e0efabff37f4f5db14cf038ad648816c5505ab0431e9e6d

  • SSDEEP

    98304:04iEx+vfWicqwZHFByNBI8eigKD7ONjW6aGGpEB:Pis+vfzqGZe3JNjt

Score
9/10
persistenceupxvmprotect

Malware Config

Targets

    • Target

      科威软件园.url

    • Size

      208B

    • MD5

      c71a1cb975cfb8b1917367f98805716a

    • SHA1

      03ec7ea13ad51d18494d5ebac19cba21332174de

    • SHA256

      2b3c7caa8b06b25f65246da0d83be20d51af24276b6cd958ca401753da880ac7

    • SHA512

      8e9cfd2311df9ddf35031accdad42135b8be7a9eca7ae44534b4ac8cc99debf801da4dc655a91731697654ebf33f149c58aca38cd365349743aee9180ff686d6

    Score
    1/10
    behavioral1behavioral2

    • Target

      ˸4.1.exe

    • Size

      5.1MB

    • MD5

      d4a0825e77027a47b28ac118f0975d52

    • SHA1

      fac4d04808945eda9ef71114ae715606d71bd911

    • SHA256

      87cb34ebb531cfdf2abbd61c1e10184fd17e8d92a9cebd38c3684359747ecd51

    • SHA512

      60f6f849c790865274d0d54aba241e1b7a4e2b066a2ccd894b507edc9b211921a6eead88557fb4151daa7a8a15967ad526cce9320471377a18b85329ccc6eeec

    • SSDEEP

      98304:eCv+JlCP+zYxsWUGi95aWJEz/eYqdwkLcHHOT5kJLR6HOkJvVqmFIAG2B0zx:AJloxHUG3lzGjAOdkdou8NvB0zx

    Score
    9/10
    upxvmprotectpersistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks