Overview

overview

10

Static

static

9

dm.dll

windows7-x64

8

dm.dll

windows10-2004-x64

8

绯色月....0.exe

windows7-x64

10

绯色月....0.exe

windows10-2004-x64

10

软件下载.url

windows7-x64

1

软件下载.url

windows10-2004-x64

1

软件教程.url

windows7-x64

1

软件教程.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2231f01da5a72f77e71791551b005465eca17b9ded4ed0330244ecc86e22592f

  • Size

    2.6MB

  • Sample

    221126-ylmxhsae68

  • MD5

    28bb4cb5f0a1d20e707fc8ac041042ef

  • SHA1

    b6d493441040cc38f4a006c845cc4a77c2a76a64

  • SHA256

    2231f01da5a72f77e71791551b005465eca17b9ded4ed0330244ecc86e22592f

  • SHA512

    61aa1607fca3b0459299cfa85e48e7d40816f1e275aa14af6ec95d7ec465476661175417b416d3f3763362cf6c06ac8a0b72be19110edd81936b6d188c9cb0bb

  • SSDEEP

    49152:UpVsGHf+xtMW3CgATMLN1to4blQPpradYXe7k4hs74kDFRYV:UF/+B3BZR1KGl4aOVljBa

Score
10/10
phishingupx

Malware Config

Targets

    • Target

      dm.dll

    • Size

      811KB

    • MD5

      7cc660f1afcd5122a4a142f33329b7aa

    • SHA1

      e523b79e6f7177fe00e9e92613428c948b8aaad3

    • SHA256

      7e59ab0f1f701558c2273021b16c995780fbd134bc5eaf0b473ecf0d23d4526c

    • SHA512

      7e598ebc1104e81c28f32c30a99fe54213b142b7c33e28fd738109ac27064dfa8a288d945238786c5ee5601a3f40a8fbf759eebe71765ed66e4d04db99bcaf9f

    • SSDEEP

      24576:qR+tvwUqOtQEtCFNwb3srUyT4B9L7COykjKIw:++OY46b8d4vL7COyI

    Score
    8/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      绯色月下三国杀挂机v4.0.exe

    • Size

      1.9MB

    • MD5

      ec32a70df3c7d6d90bd178d035566aee

    • SHA1

      473bee114062f19e9372ff9e75f226d4ccb93cb0

    • SHA256

      82c5f73bdc2002c9add296ce5ffb792169c9e15e2877e5b22fad219026a890f0

    • SHA512

      23bf5634d0e0394fe96696a9ac1a76e1cc69fd70a9f920374a5ab7b4f0064622a1bd0d08b86125298ee57c67d8c243148403763cedf2fcc86afb2ea1f1bb8aff

    • SSDEEP

      49152:EM8WWQs9yQdye+M/jbp27i1D1lTVA3zJUYtLc/m9VEWeKsgDzmRCL:E5ng7goIlT+to/m9VEWeKsgDzmRCL

    Score
    10/10
    phishingupx

    • Detected phishing page

      phishing

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      软件下载.url

    • Size

      48B

    • MD5

      67a0b81ae8dd7fff81116bda98646ebc

    • SHA1

      cad7f6566d8e50cdd8a343bbefd93cab99da76d8

    • SHA256

      7bc3e3896f919489ccd212fa753c413bda8c25c43d3251ae1e8c10cf832974e7

    • SHA512

      7619d648f000fdbe274cb6859edd7d2353c2dec1336d12e9cafff0fa36b30dc008d41a5982a64da954840bbdadaf520d66bfe2bc17da327ecf5f878a4c02e0db

    Score
    1/10
    behavioral5behavioral6

    • Target

      软件教程.url

    • Size

      103B

    • MD5

      ae36a737c19a3ef04f1573efffb4e6d9

    • SHA1

      c859cdf02093f9e09caa7a854fd52cc4590a444a

    • SHA256

      746b0a873a999a02a47ae577aaaff7ec57f7f141255a61911e26d6ebcc7eb4d8

    • SHA512

      b6761ed1953b95e99797d25a3c4215a122a4473cbcfcb9b2e373f503ce5917e1407991588303642cfd67ca2f01119edef7050f1840eced084019a8c3b0829e96

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks