General

  • Target

    1453e4afc200135bf9ba31ae79e296b86284baafcb99cdf1493919fe9423f25f

  • Size

    2.6MB

  • Sample

    221126-vseb6sdg91

  • MD5

    eedeadf3d3e87c0cf0f4855ee7fae63e

  • SHA1

    d132351973994a1e84d89b2ca186e103edfdbb9b

  • SHA256

    1453e4afc200135bf9ba31ae79e296b86284baafcb99cdf1493919fe9423f25f

  • SHA512

    8d3a4edafda32cb47ad1a4c215d105cc37b11694688a88c9e81781f930ba29aaaa9e5c9d0f2e8a30a3518bf7e44713d740799438d59ed8fdcbb26ef4228e60b4

  • SSDEEP

    49152:3BqJgGq3wXIAXBUH3yROsmKvD4mm5TmUIgFHDR+Q2yoZJ40pj9YCTw8ZYLy1zi0f:3BygZyIQBMXs6mUj+Q2yo1+VkP1zi0is

Score
7/10

Malware Config

Targets

    • Target

      mxzzrgj_55923/Domain.exe

    • Size

      2.5MB

    • MD5

      81f0fb11bd80498a62818f74c86ba118

    • SHA1

      df02e26206e40b662940d19b1e44af92d70c823f

    • SHA256

      b9a656ceca29c9b7460f890571d4dce3852d37bdc2d9303364ccb7f2762c59a6

    • SHA512

      11f5bc9cab461ecddf6ca6c40a2971d0c46da045c207ac05a9ec34f607d5dede4b39318d63c4cfaafb13f65b9fb9380272556475a83578ed794b7e77641ff2f9

    • SSDEEP

      49152:ksU8lg7GGuaKtyTw5uZmKm8VonOISYOlFKM8rj13PDz2:XUX7HsYTtZmUon3S/qH1fDz2

    Score
    7/10

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Target

      mxzzrgj_55923/安装前必看 -.url

    • Size

      167B

    • MD5

      6ea0842fb13c113e1296abc2294125d2

    • SHA1

      426afce31e7d43b54ab951b4223de127560b64a1

    • SHA256

      21455c52d91ff7cb3ab4f1e4030935cd4f5594ecbafc3da499ada8f8cd52d52d

    • SHA512

      f21a88dad3eca50c47c98156ccc6c8a5117809b70734d027186ea55dbf5406eb3517102a6f6bcc607ac7e4f141a1b3d37ffdd9967f5404ade2025f982adc5b0b

    Score
    1/10

    • Target

      mxzzrgj_55923/最牛的单机游戏下载网站.url

    • Size

      76B

    • MD5

      f3a3a75babaac3ba5ed8dddf5125d76d

    • SHA1

      6e3c39f915ca393a6c88b8c67f74d7f1902fdcd9

    • SHA256

      eeb0f36f0d854bd9d61dea51b517098ddfae007389935a40343c1a2a3173d6f9

    • SHA512

      6d63e964b2c3a96db47072d4f53cb91e077081b4ab0764c1c1aadb58c0ddb7b79487e31cc7d7016055c78db65717a2471d1aacebf292388b30ddbb7ced96cc9c

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Virtualization/Sandbox Evasion, T1497 (1)
  • Modify Registry, T1112 (2)
  • Install Root Certificate, T1130 (1)

Discovery

  • Query Registry, T1012 (1)
  • Virtualization/Sandbox Evasion, T1497 (1)

Tasks