General

  • Target

    e0c8ec86599b780881b9b93f4e4c820df408721785207402588a86debc93abe3

  • Size

    1.1MB

  • Sample

    221127-e39cashh62

  • MD5

    17cbe9e57e6c8a05aa50acf8ad485d3f

  • SHA1

    fb457561f2e286b86b70a80179c48b12587fef30

  • SHA256

    e0c8ec86599b780881b9b93f4e4c820df408721785207402588a86debc93abe3

  • SHA512

    760f9185829560bae8f2741b4930c23950ea47c56af204a671ab6787dc011a89282a702586ed34487efa5c05513c9ab2f12f98fb177e8c0fa94659edd1bd6d33

  • SSDEEP

    24576:+UBJWFOeL03jURmczXYiKoYSAh3ZJ1TCXgMPKB:HBJW7Y3jCYiK9jh9TCwCI

Score
9/10

Malware Config

Targets

    • Target

      QQ空间秒赞秒评论系统1.2.exe

    • Size

      1.5MB

    • MD5

      c43bd8fbc267e1b0f2e843fe9dbfa968

    • SHA1

      d287760d628d73abc6e8e9b8aebd08a44bb26714

    • SHA256

      6f8ba7136673f3b59f5ec6a246b3483752ccfd47b0a484f1200431c118abdaa1

    • SHA512

      4676467a37193e5aa2bc76db259a99e3651e0dbf1c4b624be3cfbc5a693b2a924a3230067214e5bbce4e3e9bc8fc0ecbd5826ab4628c80b167f6a1bb0430022d

    • SSDEEP

      24576:ujFdVWlIehG32KAKQdLtanQbuKYxot6JaT9mPT4iDdT2:uFdVWJc32vSQbuKZ6JC8DT2

    Score
    9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      新云软件.url

    • Size

      217B

    • MD5

      e5e80be1cf1a1b2af35991aed091c827

    • SHA1

      79e02d122cdf24da7e59044b4bf83572242b4c71

    • SHA256

      1016d243a1266c9970996f2847639ecefbecc361cd98fb79d27d048eee3dd69e

    • SHA512

      b926f6e34e0e9e260a8f6e59ec8e660af0fea09de91140d968cc7665ea45f840a8951f4a1c0400bfe384d2e269159febfc5e32981b863b9d97830f5eb2521705

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks