e23077e8d475b17d0c39cc4bb6b99ea119212142117fff4a59d907641ab49acf | Triage

Sharing

General

Target

e23077e8d475b17d0c39cc4bb6b99ea119212142117fff4a59d907641ab49acf
Size

4.2MB
Sample

221127-e3m43ahh26
MD5

cb4999cfac3ffa1782dc86f4875f6238
SHA1

f5d63351cf57d70fe3146085a59a8069e0c006d6
SHA256

e23077e8d475b17d0c39cc4bb6b99ea119212142117fff4a59d907641ab49acf
SHA512

f9e520816ddc748d1a8561567a600242aaf5f60b342547975d4e722682c120b1123e33ebc24c792b428cb3daec0191ebeb18694adef03592d45fab84192d271d
SSDEEP

98304:M9PN6JtrqgTnbgSxLDsEjmK0Dt7nrhS7szVNojBh6iJ:M6Jtrq0b9DskGrU1J

Score

7^/10

evasion themida

Malware Config

Targets

- Target
  
  GBQ4.0破解补丁/60天破解/文本文档.bat
- Size
  
  53B
- MD5
  
  06820a0f206081d68787dbe679cabbca
- SHA1
  
  120beef82a09d14aac30be4f1c334f15c818afa1
- SHA256
  
  35e615b7634b08912540ef2637a11ca46f1e6615e5787ba32db462b9c4db8d9d
- SHA512
  
  a61663d4f2b7e97a01e259bccbb87430632163593529de74896769142347ff35081d6455f03b2caad462a0a657f62cd60a2c7989b1fc1e3d7be66c872686525f
Score

1^/10
behavioral1 behavioral2
- Target
  
  GBQ4.0破解补丁/破解补丁/GBQ4Common_D10.bpl
- Size
  
  1.9MB
- MD5
  
  2154df36029b74258b328d7e448f8f37
- SHA1
  
  b04a56d7ee7978cf7e3eb132c9efff8dcf38a6c9
- SHA256
  
  bcec9b6176d1d01198623ebbf89a87eb8ad2e8157e7cf2e84eb14d2d68b55e9a
- SHA512
  
  8e479d0243683bfbf2b03bc02a8ecfbee501cb3f1467bcbd210ee492656379826093ea16317712e448bd8f9547c325257d28b1317f479a2990e902487c8a855b
- SSDEEP
  
  24576:ELeMBrg2O9r0MwAZqU7SuTm987+W5pzvKaN8+yg851AIilofd/b+cb8cn+ivFrf:EePwAZqU7SukO+0pj8ng8fAKKcwfOZf
Score

7^/10

evasion themida
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  GBQ4.0破解补丁/破解补丁/GrandDog.dll
- Size
  
  2.5MB
- MD5
  
  6744c1120c733ada2a28373d6dcd6194
- SHA1
  
  db10ea574d3e7855c97b33a935cdd71bd04e2657
- SHA256
  
  87eb149b15b6899a82e359b00449b49c434986a7c29e8997c48789b48b322538
- SHA512
  
  09352c726efac4a12ffa88d7475086f33b0f274ff3f9f879612f08ea0b8ebbe78e8ebcd5118b6d21e155e3b097ef4773341f884ba6e3f72a332629430c959627
- SSDEEP
  
  49152:D4Y1S3PU9hU/ZJ+cWExue6qKZ0qNoN+ju2qVWJ4Sq60VXl1uM11Sqqx:Dr10uU/ZJ+cWEMe670CY+ju24WJ4Sq6i
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  GBQ4.0破解补丁/破解补丁/GrandNormDBEngine1.dll
- Size
  
  1.2MB
- MD5
  
  a8db85e4b201f5463486b9199ba5cabf
- SHA1
  
  ba7ca66d20952a03a8c9e10595a5e802cfd6737c
- SHA256
  
  eee958ed2efbe93f456dc32c768933f4c414d50ce00a9978376dd648dec2a1ce
- SHA512
  
  7dc5ee0be74421fa9f55a114f8517e9d7194c28fcd585ac1730fa68b9e27f32782f0e151bde7bcbd7482a5c3a9c414dfff59d998951e14ababd41f1be11c484f
- SSDEEP
  
  24576:VMgb3DAGvywJwh/qS75pzvl1yU/jL3NE709WE1VKOcODYDbQQzF1fSSadyrz5Z:5bz3vyf/1pJJrxETVQQR1/a
Score

7^/10

evasion themida
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8