Overview

overview

10

Static

static

10

冰封免�...m2.dll

windows7-x64

8

冰封免�...m2.dll

windows10-2004-x64

8

冰封免�...ar.dll

windows7-x64

3

冰封免�...ar.dll

windows10-2004-x64

3

冰封免�...ll.dll

windows7-x64

1

冰封免�...ll.dll

windows10-2004-x64

1

冰封免�...fo.dll

windows7-x64

1

冰封免�...fo.dll

windows10-2004-x64

3

冰封免�...ua.dll

windows7-x64

3

冰封免�...ua.dll

windows10-2004-x64

3

冰封免�...om.exe

windows7-x64

6

冰封免�...om.exe

windows10-2004-x64

6

冰封免�...om.dll

windows7-x64

1

冰封免�...om.dll

windows10-2004-x64

1

冰封免�...jx.dll

windows7-x64

3

冰封免�...jx.dll

windows10-2004-x64

1

冰封免�...ky.dll

windows7-x64

1

冰封免�...ky.dll

windows10-2004-x64

1

冰封免�...ty.exe

windows7-x64

5

冰封免�...ty.exe

windows10-2004-x64

5

冰封免�...ty.dll

windows7-x64

1

冰封免�...ty.dll

windows10-2004-x64

1

冰封免�...te.exe

windows7-x64

8

冰封免�...te.exe

windows10-2004-x64

8

冰封免�...ws.dll

windows7-x64

1

冰封免�...ws.dll

windows10-2004-x64

1

冰封免�...ip.exe

windows7-x64

8

冰封免�...ip.exe

windows10-2004-x64

8

冰封免�...��.url

windows7-x64

1

冰封免�...��.url

windows10-2004-x64

1

冰封免�...��.url

windows7-x64

1

冰封免�...��.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27784f24a8d0b693b96e57355c6eab3e56f2b6909cf74154393fdb6ee9ac6d17

  • Size

    11.8MB

  • Sample

    221126-w9pd5seg99

  • MD5

    97a5a32799fdcace55c71b2501b23838

  • SHA1

    d00b6bfa2e3b2e45de4737b6a47d95d91e092c76

  • SHA256

    27784f24a8d0b693b96e57355c6eab3e56f2b6909cf74154393fdb6ee9ac6d17

  • SHA512

    7ddc2e5e622c25dccd23ae4161b27536019eb4eb755a50f4061d27eac098b588ac2b9a6f24f4097fd1f977a2869b6ced76bb1b102a12fd69c505ba8dd728e864

  • SSDEEP

    196608:9z+imw9c68vmkgrWVZtwsiDdErstzA/mjrhVp0/bAX6KUVu2zNf6LlR0dt+rYk8m:PvX8vmH+Zi+rstdpVuz9KUJNf8lRbh

Score
10/10
blackmoonbootkitevasionpersistencetrojanupxvmprotect

Malware Config

Targets

    • Target

      冰封免费版(请关闭杀毒软件下载)/3km2.dll

    • Size

      1.5MB

    • MD5

      2e5ff9dc7ea781a0d99895d318af3cef

    • SHA1

      c2dddda1b2141a8d8fe2bd4619caffa4056e0737

    • SHA256

      6d884320514ec3a9dbb66914eebbe03e66dd3623f124988d350dc6322b76098a

    • SHA512

      fa0eccd58a8b7dbf8681547bc344d622391219fae1fa20eed3d7d67efa494e7f23c8670ad663ec35e4e1bb533c5ab7c784b195c5e96f7c954c45b7b2bbd50276

    • SSDEEP

      49152:zJ58ZHuvPUbFLfdwDclKIM3IMhWaz0I0:D8ZHuvPUtQclPM3IMhWaj

    Score
    8/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      冰封免费版(请关闭杀毒软件下载)/Astar.dll

    • Size

      35KB

    • MD5

      c0b716b0a39e6bd5b97ad509c59616cd

    • SHA1

      434b02800a9b19e17901eb7c46c6ca240bc573de

    • SHA256

      e791c2fa9b0435ade26b7d8d295ac957ce0eb5d30bca0cbc4cff3d3f5d8dbdef

    • SHA512

      60bbfa1d09ff9fc5aa25886d22cc9c4bd4b602e4a723a5f3ea454cf3834a8dabf8d8630dbc8f6a61765d3feb7d498526e19503db27fbb6350266d2ea40cb17cb

    • SSDEEP

      384:voWyKa2k8KeTduFoSQPZaqSItpQt/stcc/pjKhwElrP+lnu6EDHkCr1GNC8vyNbn:v+KWVKFazapm70+hf7GnTEDT8vyh

    Score
    3/10
    behavioral3behavioral4

    • Target

      冰封免费版(请关闭杀毒软件下载)/Dll.dll

    • Size

      7KB

    • MD5

      0bbbca7038095d2ca8eff205bb1c7210

    • SHA1

      af89fc4b2dfbfd0a0ce464a171c78009f7caf1b6

    • SHA256

      3b4869d560062b4ea0edd78fba1d798a403b8749a9b32d323058e7e6416ee53e

    • SHA512

      2870cbf3eb75b3812f502b6ab5adae543349b02eb8e62ec1531d0464c9d475e69d4a9e6773a237dc7616f5754ef255903d976cf7d7a5d55e5b2b5043112595d7

    • SSDEEP

      96:yWf0YDrMtyjnyoSvDilH2tBOMrJQOBdFC+orPT3XAUPVAF6GDTnECt6M7N:5iy+o4DiwBOxO2rr3XHPV26Onf6A

    Score
    1/10
    behavioral5behavioral6

    • Target

      冰封免费版(请关闭杀毒软件下载)/GetInfo.dll

    • Size

      1.5MB

    • MD5

      dbac2c9c7545463a542820337e504dd4

    • SHA1

      f1927a37103145678bffefd2437d3c18a9b68831

    • SHA256

      ef022b706eab8542d2cf3be7de64b66cb809509732b08f6e055abeb84bdbba48

    • SHA512

      298dca7f6a9b9557305d435463063b421285d2420f581f28770ffb837dee55ae7ab99547bbd5e4d80da7958d1eb259f0d3c8262bbbd71517d89a0de47795d384

    • SSDEEP

      49152:7wZEkRqxYYYGkMzgBss/g6hIOd9uZNMcC8CFyluyplN1vn:QEnxdHkMz8ss/g6hISuzvCFysyplN

    Score
    3/10
    behavioral7behavioral8

    • Target

      冰封免费版(请关闭杀毒软件下载)/Lua.dll

    • Size

      156KB

    • MD5

      546696fc01d9c7c912da33a7ffecf21a

    • SHA1

      46f3ac49346afd4e85db46ade697f536afd8bee6

    • SHA256

      1b233ec23eccf5cc532e9f1349093ad7dc6b5d14973b1fb09251a21bf080e687

    • SHA512

      7ac984e2d3e91a23a256c6e118d2e83c5049310e5877b436f65a82b4c0e744677ef12d945625eac72f210ad73617133dc10a64b23aa03fcc9513906167174089

    • SSDEEP

      3072:kWxO4AOqXKN18lz1ajwgFxgi9bHb/fERierQ:kH/O+NlYBFxbnERVQ

    Score
    3/10
    behavioral10behavioral9

    • Target

      冰封免费版(请关闭杀毒软件下载)/gom.dat

    • Size

      900KB

    • MD5

      f674e8892127fb6dee55c45f90bef80c

    • SHA1

      07d02adfd68e17d0744a139a37f063ccf3acc660

    • SHA256

      428133cfffb97d29571b38dd5eceefec586b35c1ec750717f4eadb3f9c49350d

    • SHA512

      184619f238f96651f33c72aeb9d6024919ab100f4b2314add3ca56dcd30a885f1b1111c1ffd36f0398140abaad887f0519e4683115e0cabd54e9e3cd6c6152bd

    • SSDEEP

      12288:bE4yngBeZp2Z3fubpeRIwgY49xOw9NHWoE1TEEtAPJBvMWt:bE43AZpO3fkplwf4rOWNHWoINB

    Score
    6/10
    bootkitpersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral11behavioral12

    • Target

      冰封免费版(请关闭杀毒软件下载)/gom.dll

    • Size

      1.4MB

    • MD5

      5292dd08cc360231e91320d2599c5c8a

    • SHA1

      caf0bd247c4c4d73854ba6c852ee97ce46cf4949

    • SHA256

      0d08a63a51270608424655e58669b4e843062a18e8eb97b232401ff3bd3510c9

    • SHA512

      ce86e3433d5857981419cf46b8bceae63570406938397acfc8f845eca99e89c654ec4d973a89b0d11a9c39ee1d9ebb5dbc33f906c89207970760c4223a781077

    • SSDEEP

      24576:/3//MJCTzF2S9rfY3Lxn8EacxRabl+dbl3rw3nk6aju8Yovco4Jc2af:/3bF2S9rfY3Lx1XRSl+/E3Ku8Yov4Raf

    Score
    1/10
    behavioral13behavioral14

    • Target

      冰封免费版(请关闭杀毒软件下载)/jx.dll

    • Size

      652KB

    • MD5

      4e1c140d96b8cd84cd378ae96b2f6b1e

    • SHA1

      9441f2e1c20e5be9558ff36a8ca97659a8be230b

    • SHA256

      c8bc513379447f5e18a19daf61c9c50189dc8f22bbdcd697ed1fa624cf89b193

    • SHA512

      e6d69b2c5842fad80ad2e9d8013a5a474cc66eebebf30ca480bdd6a63737fff33cd87253089703df601f0801b422f657133a11c86a527bc986472aaf35fb1351

    • SSDEEP

      12288:wKKfhCzb/8x2JDoLqhM4xv4YGqmDV37g+J:w5CPU21oLq24xArqmDV37bJ

    Score
    3/10
    behavioral15behavioral16

    • Target

      冰封免费版(请关闭杀毒软件下载)/sky.dll

    • Size

      2.3MB

    • MD5

      4b3997a17c3c356b3c4a964059312ad3

    • SHA1

      6b14988e49a58f48ced59248a41c17c9d6e1c3ef

    • SHA256

      f06dfce697f6caabdd47e5acecd6a116f3fd9e238b2dc2f382077937e194aa7d

    • SHA512

      7105816d6083681cdef6151fce90df2a6b922b5f32a65583006e7f2d3040d6c656e7e0b9d1274c8a5179d353d080fdbf44fb53688d645d71790bb86454d00908

    • SSDEEP

      24576:QkwBweg/qAPbCGbB6NjGdcfibb9ee2Kw29v1oG36MJhBRBmhD9DVdNv6VzGaI+Hv:IMxUO5Ropdl+L4YexzxXG9

    Score
    1/10
    behavioral17behavioral18

    • Target

      冰封免费版(请关闭杀毒软件下载)/ty.dat

    • Size

      169KB

    • MD5

      04ab3fe511b4a7465c57fc9e7aedcd3d

    • SHA1

      f678150e525de20a58a2766d52846cc70ffcb622

    • SHA256

      81f15689949e602c3413de07cd00d25baab313dc7a05d5fb05b7de04842a616d

    • SHA512

      e4c5048c1ca4e4a355ff0c85932cb6e67c009f85b79189a0214026521a46744dd592cc3a83246c65a974dce67c570c2288be01150671ebc52ae9584bf10fc393

    • SSDEEP

      3072:uP89l9/zuYu3PvTiqTsKfw6H2vPrzDlNM6FHpU9yP7X4kXq2GzT:cmlzmPvjGHvPn53dBX8p

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral19behavioral20

    • Target

      冰封免费版(请关闭杀毒软件下载)/ty.dll

    • Size

      372KB

    • MD5

      6a6fcfdc2ad43d19e3299918a8845e84

    • SHA1

      a66030d34e3357e00181241d48e8302a0a4e2098

    • SHA256

      37e79983cde9c2f70fd73077dd7fafb944ec053f87976c6b33821b67001f0313

    • SHA512

      495fb60dec4a65f7de72893049f46529f70bbb0eb852feab6c75f9998453413c1dc78b6779d3c55e9510ca40457c09b812b414edf4188e136f6f4ffd5c20b2e8

    • SSDEEP

      6144:uz2R08dAbIs+orwFxCo0kNYXXGmo9TsrnpWh5G/ho0q4X/ieoNw4guSf629uCKPT:rRmIsgDOqOAyRGCVt/omrMc034jyXz02

    Score
    1/10
    behavioral21behavioral22

    • Target

      冰封免费版(请关闭杀毒软件下载)/update.exe

    • Size

      376KB

    • MD5

      f2f3d6bc76550040e73748117d1f7043

    • SHA1

      0afb48cca00c061a8d5c2f1c786de987517dd029

    • SHA256

      b3f0b108f21183e10e5ec684a124144f51cc0b9c9363d030496ae18d8daee6e7

    • SHA512

      96c82248a60510494f6fd0350ab350a8b69e41e9955bf4177aa0eaf85cfe06e87900ac75e958f642d7f36cf6bad903ca25b8c422310bbb648e9bb9a81d7982ad

    • SSDEEP

      6144:LrIjtjvIP7C+Xx+eaKMKVt56pcRR5rhZFQGrsUwF7vlPoSv8cg:fQtcz9x+ziR5nWFpPoSJg

    Score
    8/10
    evasiontrojanupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral23behavioral24

    • Target

      冰封免费版(请关闭杀毒软件下载)/ws.dll

    • Size

      596KB

    • MD5

      93f0109f592e1cda54c6b3f788298e47

    • SHA1

      8e2645971b4886983d3afa7b2523644b077522e0

    • SHA256

      80a1e632892e5f1e11f1e1527e6523716b25f64024255e91e91a81f39223cb01

    • SHA512

      f54d505395bda23208cdea578323b64723364186d5ddc03bce184f969a41660fa9b21cb1e4a54f42e5480a43bbfcbeb243322cf75e60f34ea1dce45b35e95e73

    • SSDEEP

      12288:jW7e/hIRy1EbQ9K3V0Ix3GdlnQgIXfZ2FbAityQn:jW7e/hIRy+bd3VZelQg4QcCVn

    Score
    1/10
    behavioral25behavioral26

    • Target

      冰封免费版(请关闭杀毒软件下载)/冰封vip.exe

    • Size

      2.1MB

    • MD5

      a9602bea357d9fcb9a8a3b53f18bb56d

    • SHA1

      c113487e97340f3ffb4606e37076a629da07caf7

    • SHA256

      ed133bdf4f975cacde6078645babcfc22d95f365330a14da02aff106118ebf61

    • SHA512

      b88828f0f13afc5e433f839ba44a3d37522c941cdcccb721738a59b849483356954cdc6972c6b27b515344318b3a4e2f43bfcb9fc4e001b797883a66d80c0bfa

    • SSDEEP

      49152:H6dL/oKLeBvwHyp6ano1RYsj4Eh5SLiEftPcnP6XM:aBwKq9wSp6FYskEhitt0nP6c

    Score
    8/10
    upxvmprotect

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral27behavioral28

    • Target

      冰封免费版(请关闭杀毒软件下载)/冰封官方网站.url

    • Size

      193B

    • MD5

      8de156417d333deb083384e728682f32

    • SHA1

      7570dc452e586cab76ae86c67e0c2159aba30553

    • SHA256

      1e831f29d22cff47fa39b2162e9011a54e1265dee4775ee07f7b31b4ff12153a

    • SHA512

      a40f9c066374adb27623524969c1a0a098d243b2cc4dcf02479412f150c7d15d598e20520b70f6c06554f79eee2edc5e2b621813d9bef4c2b8de74971f79e31f

    Score
    1/10
    behavioral29behavioral30

    • Target

      冰封免费版(请关闭杀毒软件下载)/冰封教程,很全面点击打开.url

    • Size

      208B

    • MD5

      2c4cede73323587fd3024ed0dfbd9b0a

    • SHA1

      25cc15178ec9203f41d981469c54fa56c6bd9433

    • SHA256

      7360599cd1becc1ca2b93db1474d8dad63a18b7c364cc324338311e5d72ba665

    • SHA512

      1b8312ff32c513c0398a2f6059197fd0cdbf5f771f844ade6cfb1160f73af93d4101b68284b5b073bd22588c7751016dde0956eba7f179ae8f9de0da1ea73b9a

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

vmprotectblackmoon
Score
10/10

behavioral1

vmprotect
Score
8/10

behavioral2

vmprotect
Score
8/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

bootkitpersistence
Score
6/10

behavioral12

bootkitpersistence
Score
6/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
3/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
5/10

behavioral20

Score
5/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

evasiontrojanupx
Score
8/10

behavioral24

evasiontrojanupx
Score
8/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

upxvmprotect
Score
8/10

behavioral28

upxvmprotect
Score
8/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10