aa159c242c54988920ca64e521b5cb072e63b8970287c910a77efa403ae9155f | Triage

Sharing

General

Target

aa159c242c54988920ca64e521b5cb072e63b8970287c910a77efa403ae9155f
Size

2.7MB
Sample

221126-t6nmbsha94
MD5

0d548d6f0fed4303a54585fbb46e642b
SHA1

b913e55cb53ade932859318ec342249bdcad65e6
SHA256

aa159c242c54988920ca64e521b5cb072e63b8970287c910a77efa403ae9155f
SHA512

5103532b1a2a16d4ab5231cefd3dafb4a9a3bb26f64e57c9df4b94cc8375343380d0bcb6a42f164dbf6269b59a2cc7551f96bcbe999dbec0261fd143fda80493
SSDEEP

49152:CsY3d+BLqgW6/ntU3P+2RDkweQxNw/68z3gn4SUv02uIGQUP/Gu85PXPfeRkzRkY:CD3d+B1W3P+k4PQw/68z3g2uZQAL8JWm

Score

9^/10

upx vmprotect

Malware Config

Targets

- Target
  
  旺旺群发E客服版/SkinH_EL.dll
- Size
  
  86KB
- MD5
  
  147127382e001f495d1842ee7a9e7912
- SHA1
  
  92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b
- SHA256
  
  edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc
- SHA512
  
  97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d
- SSDEEP
  
  1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  旺旺群发E客服版/dxwl_bh.dll
- Size
  
  62KB
- MD5
  
  9435c644ce28db438c050ebe544a0f0b
- SHA1
  
  882aa056c8dfb724b34037c95f7fd9f4ea59ecbd
- SHA256
  
  ca34dad6b2d447010c4436fb16a6ded53e9ee8111d0f6dad6359fc8717f5a24e
- SHA512
  
  222e5a7bb20965188962638b7ca1022a0fb0752ce181025615fcdec1e7447dde51d4cd946d0d68bcd270e8f21dacfea49b605c47b9b5b67bdcae1560219ea0d7
- SSDEEP
  
  768:xc3Vd8JIHm7urOgDrisnJmpu2uwh6dNt63r3jgr7ttOu6WPUHANCDXnkh99d+5:WFdHH9buQVq8w3jgPtv68Un6M5
Score

1^/10
behavioral3 behavioral4
- Target
  
  旺旺群发E客服版/handle.dll
- Size
  
  660KB
- MD5
  
  867cfc1a9f60aebe95aaa38f6f88b2ed
- SHA1
  
  f1a5efb7c9f1464f0542d1f96c3a78f2bc70e57d
- SHA256
  
  b4141e80b17c71111c0ff1ba92c47e6522625a351aa47c89bbf88f7aaa83c6e2
- SHA512
  
  9cf5cb481f79596428acc237be4fe850815f6d95e31472b08790145946a86e41d35c2d16ab85f95edbf9fa191a4f6bff2ab6a45bef18ee4294de48f035f1ca27
- SSDEEP
  
  6144:YG5utRSOTufCmLjHkoP6crCFhPLfi1RgK9X/cTJ48FkDBwIBOIvSRTA/TpBAoTXg:Y3tRuCa3P6cr2h89k/kDxBDv7s
Score

3^/10
behavioral5 behavioral6
- Target
  
  旺旺群发E客服版/安装前必看.url
- Size
  
  94B
- MD5
  
  21afcd5bd7d19fe39a46068d7226b9e5
- SHA1
  
  4fe7d4a23b8912b884a970c9d44e632078426a77
- SHA256
  
  f076a0ed420b6c494149e54d6c823a0eed824abc5bce3c7bfc4859527b86c0c5
- SHA512
  
  75e6fa4488ebc3540b41500ce17ccb17d304654342d87c2cf957ef86a76a25d33247ba6d2c7b419ba50aca8be5e5a4bd49a081e0648e4fb20ace8cbd733b4e9d
Score

1^/10
behavioral7 behavioral8
- Target
  
  旺旺群发E客服版/旺旺群发E客服版V1.0.exe
- Size
  
  2.3MB
- MD5
  
  3f2033278fc85e929cdc6cb918ec5f0d
- SHA1
  
  28ceb3f58b40a3679291ce7254159a606ffee7fc
- SHA256
  
  2b8200c0696b9bc85bb34978bc298af2c11d15a53962a77de5a6a648c96d960e
- SHA512
  
  96c51bf7ffdae4b57b23c40b97347df4c8b71d10eae9f7bcd3b6161961017285f6f51cd81177442ad5c288006b29daa828a11ecf8b5355e0972bf4dc178a6694
- SSDEEP
  
  49152:/h/051wXEqdwk0cQHGiYYSzSY5voVU7zQY:pM51wXEqdwkLQHHhsSYt8
Score

8^/10

upx vmprotect
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  旺旺群发E客服版/旺旺群发E客服版V1.0_Patch.exe
- Size
  
  4KB
- MD5
  
  de8e10f57ccd364685116ff8ee0b669b
- SHA1
  
  ab889b38fa919c1768b4f40637cf69a75acaa02f
- SHA256
  
  2dadf869e360370f55bfa5143a34a823d3a43318ac91b03df1c2882a7a65a3c1
- SHA512
  
  e5a5f77c4222366c459e63e0324338fa828b2bb10a3a6dad62f17cf2fbbfdd46958d24cb29c9c31c827dea8c466b8589a8e81a604c2a1693311d6c4957b414e1
- SSDEEP
  
  48:iPJZq8owufjqX+lam4dG32ILkQV/2ySeJY8JTaDAKUhVvrX+sYBWteBWxpMz:ypXufjquQm7GILkQwAK4VTmWteKpM
Score

1^/10
behavioral11 behavioral12
- Target
  
  旺旺群发E客服版/群发帮助说明.doc
- Size
  
  811KB
- MD5
  
  7ff3dc2ce9d2432588223409785bf24a
- SHA1
  
  20936d369bfb5e628039ffacb05b8a371789702f
- SHA256
  
  a9ac3e32fe1bca7b39025f450032e4a53b34ce8b8ceabc6df64846ae9646fcaa
- SHA512
  
  5d29b5cace3c3988f1a6dfe8e8d05eada6b8879538f89ffafac3d3e354430a6ba07f845e4488a2680021b9809a7c4026358127fb003e1173f6e17788f948390c
- SSDEEP
  
  12288:zDWzRI6QYQsuwy1XQIKw4hx7FcrqSFLMCSJtJkQxmjuGYozVBT9Wjpoogl:zC6C6iS4hxsd1l7y/U96/gl
Score

4^/10
behavioral13 behavioral14
- Target
  
  最牛的单机游戏下载网站.url
- Size
  
  76B
- MD5
  
  f3a3a75babaac3ba5ed8dddf5125d76d
- SHA1
  
  6e3c39f915ca393a6c88b8c67f74d7f1902fdcd9
- SHA256
  
  eeb0f36f0d854bd9d61dea51b517098ddfae007389935a40343c1a2a3173d6f9
- SHA512
  
  6d63e964b2c3a96db47072d4f53cb91e077081b4ab0764c1c1aadb58c0ddb7b79487e31cc7d7016055c78db65717a2471d1aacebf292388b30ddbb7ced96cc9c
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16