69964c7d88a798d9922c8eef5453bbf959f6d33d067a592203665cd0a611a95e | Triage

Sharing

General

Target

69964c7d88a798d9922c8eef5453bbf959f6d33d067a592203665cd0a611a95e
Size

2.3MB
Sample

221127-babnsacd3y
MD5

988e00ad89c010598defa6c615c29042
SHA1

ac74f37777bb811d33a0987725d80be7bf8165bf
SHA256

69964c7d88a798d9922c8eef5453bbf959f6d33d067a592203665cd0a611a95e
SHA512

d02d5d46348c5a531f1be75abfcfbf5afbc0aa301aedcf96ff009ee64b767d62a191b8dc8887b620403b61a07364c637b48c87d7dd44a6a02485501993dff729
SSDEEP

49152:r2qaXWlkiRctxQHaR1szTFYY45r4UDBJtoUmFOdyxNVb3bQC:r2zWlIDtn1tn+OgDNT

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  LOL老干妈V3.7【无限视距】/LOL老干妈V3.7【无限视距】.exe
- Size
  
  2.1MB
- MD5
  
  2fbf4c7d09243e9fe22d38ff518bfbc3
- SHA1
  
  949764d5f2a084ee4a40a5350144219ff30a1c85
- SHA256
  
  f4a5dc939688a96b43d89cf3fa76c2ffaee928e6daa1185f29baeb1235c898ec
- SHA512
  
  862500c530de3b101d0a29bd91ef061e5a7642e11801cf0cfde2df41ffcdb3b4dfb4a6e4b581bfe2bb2a2cd8b5d7b7d685d59217e1bd2b9f63d762bd663cd3b4
- SSDEEP
  
  49152:WwgGGoPDhl3eiu495vdFCjjw/anzU2fkrWXe1wiRL+SNAZWIx6:Wk/ex0dFCnw/anjkG3iTAZWI0
Score

6^/10

bootkit persistence
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  LOL老干妈V3.7【无限视距】/点我购买.url
- Size
  
  237B
- MD5
  
  18a80b5251a912ebc2668610e3dd30d9
- SHA1
  
  76d399262b4b60b7f796bb0c48bff1a3d8b869fb
- SHA256
  
  c3642a82b61d3a45fcd5ec03b370f834da79039287e0679b4dbf89a3cdeb3231
- SHA512
  
  bc6f3b2cd51a13f240f9af3606953d69722dbd7968dc73da70b2bb869cb3757b5acf22d9ce9ffad60bbf2fd70a0b3aa16f62cb4660ebe92d019b4791c830c745
Score

1^/10
behavioral3 behavioral4
- Target
  
  LOL老干妈V3.7【无限视距】/老干妈破解补丁.exe
- Size
  
  788KB
- MD5
  
  db8824bb6d522ed778c60235dea0862f
- SHA1
  
  d2df7d0c66ee9d990146f9f86eb386f7f0379250
- SHA256
  
  9dcfa892c1e70d028ce1e3219eed29f4a97c44ed5f5e17715271f3539ba3aa5b
- SHA512
  
  de04c53bd003d49265f9706d7af8627527c8630578741cd76a47771907f362476447d06e60fad5a4b48f3f4ec77f789198eeec3a15dba0294c8b11de33a3d44e
- SSDEEP
  
  12288:taHhpoKueoVXsclN2vgFRcjRmh1/vE7FnoZQe:taB0nV8cYgDcVmv3MFoSe
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4

behavioral5

behavioral6