Overview

overview

8

Static

static

8

数码资源网.url

windows7-x64

1

数码资源网.url

windows10-2004-x64

1

明月11.7...ad.dll

windows7-x64

3

明月11.7...ad.dll

windows10-2004-x64

1

明月11.7...��.url

windows7-x64

1

明月11.7...��.url

windows10-2004-x64

1

明月11.79/Patch.dll

windows7-x64

8

明月11.79/Patch.dll

windows10-2004-x64

8

明月11.79/TYBOX.dll

windows7-x64

8

明月11.79/TYBOX.dll

windows10-2004-x64

8

明月11.79/YXBOX.dll

windows7-x64

1

明月11.79/YXBOX.dll

windows10-2004-x64

1

明月11.79/box.dll

windows7-x64

8

明月11.79/box.dll

windows10-2004-x64

8

明月11.79/wsbox.dll

windows7-x64

1

明月11.79/wsbox.dll

windows10-2004-x64

1

明月11.7...ox.dll

windows7-x64

1

明月11.7...ox.dll

windows10-2004-x64

1

明月11.7...��.url

windows7-x64

1

明月11.7...��.url

windows10-2004-x64

1

明月11.7...��.doc

windows7-x64

4

明月11.7...��.doc

windows10-2004-x64

1

明月11.7...79.exe

windows7-x64

5

明月11.7...79.exe

windows10-2004-x64

5

明月11.7...��.url

windows7-x64

1

明月11.7...��.url

windows10-2004-x64

1

明月11.7...��.url

windows7-x64

1

明月11.7...��.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0123418ffeceaec339159113651a7f2bb502b64b25a34d812b27ff88e1e53db3

  • Size

    29.4MB

  • Sample

    221127-h4yhzahc94

  • MD5

    b866a0c2c3cbd1dfafa43f14df9a541d

  • SHA1

    3394c011c2bb545ec4d367ce8667443391be9814

  • SHA256

    0123418ffeceaec339159113651a7f2bb502b64b25a34d812b27ff88e1e53db3

  • SHA512

    e026fbea7be990e0c384525184498be1d4e9b4abc24323c93b3ae383dcd098ad6dd9c2fec2bd126bc5732b11e80e7bcc77bc7a821472d9c13667f85db6cf4f44

  • SSDEEP

    786432:aDKYr+D+hvHtd77Ne8fOmdh0FV+AV80V+KrKHY1MUJBR9/Z:aWYrwu3NRfOmdhNf0V+SK41Vdz

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      数码资源网.url

    • Size

      244B

    • MD5

      305983ae6219bf10d517e168b3ebe5ea

    • SHA1

      b30177e0d7aa2c46843fa9c728c8a9319f34c6a1

    • SHA256

      a4a66ca6e527f6b5a344ec48235b21666f44d19f710ea5d75332e6a4263d027f

    • SHA512

      def75af02cb32b05d19cea6ac978941f93b659fc23a3d8ea29f60874c6875a08274403c125452bd14fc2e878e193eecca70b83f19c22881e3f9a8ab4f6afcb28

    Score
    1/10
    behavioral1behavioral2

    • Target

      明月11.79/CDload.dat

    • Size

      92KB

    • MD5

      b7b04e78799269eb6ae07242efc43c69

    • SHA1

      e580b938475370270a5c3068669f23cf717a8c92

    • SHA256

      086ba32e43977b507a65a78a74a15ee6f23ed961598b73e2c6997896249a46b2

    • SHA512

      0a1ba08439e660b011135b3f3591ddfa5575261a2bd9620f8a0f3e3c041ca3667e1e0850b49c8275f6c9877cce3a53208db2338ff47fa10bf694d4a07ca7c515

    • SSDEEP

      1536:Kj01IgN9qSsxZCMd4J9529W4dWB8zI0rfub:S/W9qPCxYdxWb

    Score
    3/10
    behavioral3behavioral4

    • Target

      明月11.79/DEE.Flym2.CD.GPK通用工具说明/DEE,和GPK工具点击下载,由于报毒关系,请需要的自己下载.url

    • Size

      213B

    • MD5

      6da107d664cb67b6279f0f0e4fcaf34b

    • SHA1

      a11ae1e565c7c3070f4c3e82ee83abceda252423

    • SHA256

      73422c236f30ea2dc9a9890a30f1166dd451c7977323d2b94b85e6dc8430d167

    • SHA512

      dab38e531033b0f2bbd35c5eb88bdfd372441c6e2f0fef51add37fb5309e92c06ad81c87cff97ec778477a915d4b65abbd52205869158faa33d3a2471e68ce31

    Score
    1/10
    behavioral5behavioral6

    • Target

      明月11.79/Patch.dat

    • Size

      625KB

    • MD5

      b30b84fee780d18c50abb5362660afe8

    • SHA1

      4abebd38e626e46fe733651ddcc5473e3963dc33

    • SHA256

      0a8424c869d300140229b5beb056c6d17cd406b49301c4201a0d3107183b1a8d

    • SHA512

      f4fba6721e7a427506602a98ca4fa329fb0dceef447d11a0ae838832d25a3e0aa7f22e3fd053f62898de2a7387cb4838a139b16dc3c23c960e5cd835ef8a5f64

    • SSDEEP

      12288:lI6mIjEM4kLEXUekMDauTEgQk7nbEZqCS0bNgWIwNWfVPfo4OCu9MK:lIhpM4kLYwyawES7O3CwMfmQK

    Score
    8/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral7behavioral8

    • Target

      明月11.79/TYBOX.dat

    • Size

      913KB

    • MD5

      5fc6f3a85c6ac96815669e4124c68085

    • SHA1

      43487869f89df6d0a1b8dbcb7dbbc1616c766387

    • SHA256

      573f8328caca5de40977f8b9d653010a2280d3bf7422a00cd8bd36bb0f3e2862

    • SHA512

      74433c5323aa71b3559827d0dedf5c4feb17984df510c8888977c8b04a9c80e08b254dee8c6e063b61ab417aca449cc132663c679f63ffccbfa28a08b17f7fa9

    • SSDEEP

      12288:o6/8XLLgKvCSJIxjYZ5sIqMrxMMWaD+OkNL0XXOYLSbllMBBuFsVAHjF1y04ONMN:ouHKvCSJxZ/1hWb/EZSb0ESW3NMN

    Score
    8/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral10behavioral9

    • Target

      明月11.79/YXBOX.dat

    • Size

      425KB

    • MD5

      5c1427f6a24273bc5dfa9020ab73b351

    • SHA1

      58efe46a6d9fe6593f645591e5609fc48cb8a833

    • SHA256

      490bc43af0073d52d71c8d7528c71e16f9bae86f658a8fc88afe313096719e03

    • SHA512

      e8e41ee688479db47c44c661c00dfdba41f3990ec8cdd2fdc641f37f3688ebc617510001661bdda4cb9ae84aab83e6647551154121ff2852ca136b724852afb6

    • SSDEEP

      6144:D3YySn/l8mWgtJ7H36S+fk5Yn5mUak9EU601J1vye6omivb32gaWTEvWyItH2Szv:jYPFBJ7b+Mo5X9E10hDJ32nGEW5kU

    Score
    1/10
    behavioral11behavioral12

    • Target

      明月11.79/box.dat

    • Size

      2.7MB

    • MD5

      d40c606ef8cd891352a863b612ef317c

    • SHA1

      815fa415695b203970012a719ced8c7bcd9b2824

    • SHA256

      93b0796a736ea8d4bc9723eb55ce64e49605c55332494498a4cb24828f74e631

    • SHA512

      1e678e1e5ac2e802c1122c7a46dc3d8295d224cae737f56ab8bd956815f3bcb0e0a0f2f9fe757c3444da91911fb5f603ae5ddb8b741494bd8cd0315f0ddd1ab1

    • SSDEEP

      49152:I3+/qXwkZaKnieQvldCcAytk9CJis3/r/pU4u4oMsFB3aZ6OvmiixHXnSu:I3FLIKidjAl9ab1u5M+wvu1

    Score
    8/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral13behavioral14

    • Target

      明月11.79/wsbox.dat

    • Size

      630KB

    • MD5

      3c2454abce90428bc45749cdd266d3b4

    • SHA1

      b1506fc7eb75e427655f2dd9d92c3d7a8e9d3de0

    • SHA256

      354dd101eb1d3f7a8c2eb68b357bb9dd67936c8f23170af6b580ef0e18c43f64

    • SHA512

      679786b8f2da3c06b1f62a06c12fc2fb8b57302dc1ce6d3e5c3cedc554450e3d21cc625a4d92128627d12973437ed7dc1ffaf610cf40e6cbffe85ddbd1cfc041

    • SSDEEP

      12288:u3NBMO1GG2hNyCrlXhxFIbUr1jnnjomY9Pp/8W:u3bM74CrlXhYQrtns3ZV8

    Score
    1/10
    behavioral15behavioral16

    • Target

      明月11.79/xjxbox.dat

    • Size

      540KB

    • MD5

      8e4ec730311d1e4af1657cdce84e1e08

    • SHA1

      ce401805a0bbedc1737b62d5e90a5164433811fd

    • SHA256

      7820af9974bd3ec2f7dca155d89e62501eda393b1738cd0cbf72197b91d4af1b

    • SHA512

      2487f1c5b3c25aa4a61506905299143839c7cd9f037089b6924f194fa9bf5e86e38cb3ce038696b48dca1b1695d689ad9bf5318d199852a9f0cd1059e1ddd8ac

    • SSDEEP

      12288:NeT0Mh5UOJ9GviNGrD/nOmq4hNq7oDP4mwGOsKRoNrfEnfM8O0:4oMdJ9G6NejnXH3wGOsKRWML

    Score
    1/10
    behavioral17behavioral18

    • Target

      明月11.79/外挂视频教程.url

    • Size

      146B

    • MD5

      df2ddb567443e69ddac39efe933bdea3

    • SHA1

      24202f7647ef31ae3c951d4fd1eed54c86865464

    • SHA256

      a93fa30543a5b56532125757dbdcb8130eaf9c677f2487af0924fcc5943ca936

    • SHA512

      1c4253df9242b0cdd3363d7e34cd6dedd3a0801d380bd638d080946a5c11e63419ecb40dad7dfb31d45470ab7b7d925143484713789aa512da3576dbd6c9d20b

    Score
    1/10
    behavioral19behavioral20

    • Target

      明月11.79/多倍刀与调试速度详细解说/调试速度,用法以及基本原理解说.doc

    • Size

      55KB

    • MD5

      c7bc12e5330b926e50f214fecd202c8b

    • SHA1

      0c054779193cd61163812ceaddbc733a46784eeb

    • SHA256

      fdad28b3ed8c77a3deca0a4e745f3ee3f33800a6abd8176c85c2483be1956800

    • SHA512

      59c3389abc9593bb866bc53c0be2998c92de981719dd4cfd58fc0c5e711673183b50533dccc7d962b1db7d2bf140361e8493e9fe48aec627a42bffb7876845c9

    • SSDEEP

      768:Ol2sG0vwAtSRouwwvmfuLlppYj6nXJgLJbuXOFL3vXgvnXLjNpy:Ol27YtWouwk0mkJbuXOFjvk7j2

    Score
    4/10
    behavioral21behavioral22

    • Target

      明月11.79/明月11.79.exe

    • Size

      5.3MB

    • MD5

      ec1b6c81d5624cb187a1eacbe30ec10f

    • SHA1

      9bcb32060d402e7d0b800a8965164a69c40f5eae

    • SHA256

      909d9a043d7c5ea7919946c97c8b5fa0d3dcc278785dd0df230402bcb01e4e49

    • SHA512

      5cbc8877e3fedc02aad5a63c02b496d1e0d878adeff6446a07b605a86b80e83e724f432df902679619aff98e0f5c7deabbe3f113cd75eabf0bc5685083b67398

    • SSDEEP

      98304:zhAb/N9kClEWLSYOy1gIDxC2oNhzf8TrlMTb7BqAbhNVOP559np637jec7:z0/N9k0TOy1gsJofzf8TRkBqsh+55E75

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral23behavioral24

    • Target

      明月11.79/点击购买辅助.url

    • Size

      175B

    • MD5

      d6b1a47a52f417fc41890bdde5479b8c

    • SHA1

      42a3131effdc688b231bbc12943aae19e0ec673f

    • SHA256

      8c11677f9c47984172a5f75547df9a6d73fa6dc26e3b54c3df543431b533c7c8

    • SHA512

      71831844ccd33c17e41d5f84ba4390c7df524e4154cc7a12e1b1b57073a9dc62d6065220c4eadc41366347e6ba15343e9b480929d3f89a4e3413d952171cae9f

    Score
    1/10
    behavioral25behavioral26

    • Target

      明月11.79/网站和下载地址,点击访问.url

    • Size

      149B

    • MD5

      505fa72890da98ff9228c610d5f71ea6

    • SHA1

      1d255878fa95239a221d19e6ac336bd7f790c207

    • SHA256

      39c48dfd76262f2072d86d6947b4aafcc4306dbbd5e3223511b9adfa6334546e

    • SHA512

      45b793ae60c16e3d2fecbe18d103d475569058ccc89eb3fdb6a37f9b348bc21b8e94809c62f4b868e7108dafea8aa26c2477de7be6b16a317fe30734f60142ed

    Score
    1/10
    behavioral27behavioral28

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks