Overview

overview

7

Static

static

搜索利刃 v3.2.exe

windows7-x64

7

搜索利刃 v3.2.exe

windows10-2004-x64

7

比克尔.url

windows7-x64

1

比克尔.url

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    acd9296decaaf4d24cb6ecc88424f48a67b04b3226e782e96ea21e4b0f636dff

  • Size

    1.3MB

  • Sample

    221127-frrhsabe54

  • MD5

    3b0b1322e4ac80b2d216408bb05137d9

  • SHA1

    2bf017b7a756995c9f74e92fd8e07d968539d188

  • SHA256

    acd9296decaaf4d24cb6ecc88424f48a67b04b3226e782e96ea21e4b0f636dff

  • SHA512

    8595f3f64cc224c7f133395de82bfb335293219ab467232059cf9c51ab4fbb50eacd752a9962ab5aab25d2aadcda5b678b74da606b375f62bdff339edaef527f

  • SSDEEP

    24576:d0SNgfDHjcLymvh3Pm6sGaq1U5k9u9/bLZPJjBG7RklBpWDsclm:GSCjcZvdmKn1tQjLZP1BmRklBKscE

Score
7/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      搜索利刃 v3.2.exe

    • Size

      1.4MB

    • MD5

      b3b58316d04d7c947d1041c1268c150d

    • SHA1

      9f21e538b2a00aff4ed87ffbaf23da8285b3456f

    • SHA256

      7474861a84b08d8a11092a12900011e9eefb8aa617b275a420289503d8ceaa39

    • SHA512

      7efb64792ecfdcc8d5ecd1c76e261b3e03f86aa4f8a4a8a02ebca9356d3a9d903a550079cdfaff10af8ba5c2267f1069ce0521c0ed5ec9861a9bb4943d4760ec

    • SSDEEP

      24576:7wgANAvijIgVsRYO6rw2yKidN0dnG2SUYPudf3i3j1ji:PIQijIgCRYVrw9HdNWVpGuE3j1ji

    Score
    7/10
    bootkitevasionpersistencetrojan

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      比克尔.url

    • Size

      174B

    • MD5

      b4f682d95ca18141304d88346dcb32dd

    • SHA1

      cfd612d9edc6926485ae4b9111ef282a75c81aab

    • SHA256

      6ffc24ba95d4fb28807b1748c76ef597c299a580bf2d43f1567f65b9fb897a93

    • SHA512

      4cc117b053edc374e83a294e070e5a1748aa5b48a33e755e321716df1c7a2d6d4281a5b6f30cbbd07bfb331bbfee31973bea7561300f249a12052f543609ad08

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks