256b2b603195d3c4a30c4c4ebd0db38859d0d0b2435d96005119b8f63fa6f410

Sharing

Copy URL

Twitter E-mail

General

Target

256b2b603195d3c4a30c4c4ebd0db38859d0d0b2435d96005119b8f63fa6f410
Size

8.5MB
Sample

221127-hjaleabd4t
MD5

30d70a671180a6863bba9965c86caef4
SHA1

e03f657abc61131608f215ff6a1bc75b08692bc9
SHA256

256b2b603195d3c4a30c4c4ebd0db38859d0d0b2435d96005119b8f63fa6f410
SHA512

e9c3ed2b867c4e39f37685ebf16255106552c3b8a5f99c12f41e548d54b636fa1811f6e9ac57029931ab6ed894df12f86a9c49969f7d3b459b35e5c589c4f446
SSDEEP

196608:WWyrY95J/W5uJs9TrCjBr1TwsArnSTv4mx+chd:WXy5JOh9TrCjB5EBnEpd

Score

9^/10

upx

Malware Config

Targets

- Target
  
  91vpn(3.5.4)/91vpn/91vpn.exe
- Size
  
  307KB
- MD5
  
  3896a09770a42da96db5fbf530903203
- SHA1
  
  3004cce7e3ca6692dbfb61f40560734c492b6f9b
- SHA256
  
  bf9001e1c780d0c0f650c4481a3750c30132b8d932c511215e07c631c6cdc658
- SHA512
  
  9840a2075ea8619b34bbce12224b747fd5789e43796a43d5c82ecddb42a54912d7d4cebd6c3a595d09b23530d6cccd0287f12eb0637d15cb7135d228d6aa1a5a
- SSDEEP
  
  6144:rzmKnGDcrNkB5HG9QYQM87p+CCZazquuq54t5XPg0gQAAitfGFOyCuXwL5ceeLec:3hnXeLHJYQNiZa2uuq54t5Xo0gQAAity
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  91vpn(3.5.4)/91vpn/appface.dll
- Size
  
  277KB
- MD5
  
  ca69f84b164dd69a96bef1b2761c7596
- SHA1
  
  81f352575d8056a8516b9cbb4f73b8c0c6730c28
- SHA256
  
  e6870e771feb8095b42f03349032cc08ca01948b6672ad307f7355232970e895
- SHA512
  
  f9ffc2ae28cb596f4c010ed860275c2ee2bdf96ac34ee2dd3b20bcf1c636d1f760ece74946c10eb41a031b61882a7eceaeac8b70e6a1d8ca03b02ebcaa38f857
- SSDEEP
  
  6144:FTa+ar8WYs/v9tS08ttqgGEp2zL6UQHNWgb5sZN4rZ2BYejlNTqFg91k:FaDxlx8hngH6UQH3CZNkI3O
Score

1^/10
behavioral3 behavioral4
- Target
  
  91vpn(3.5.4)/91vpn/httpproxy.dll
- Size
  
  105KB
- MD5
  
  16848d947d10770269512554a0defb7d
- SHA1
  
  5299bc40a1944a34537904983af7b61ada6227c3
- SHA256
  
  41a8aca7eb8483243676f2473cd98de507d814fdd7db81653c0aee0a69cdaff9
- SHA512
  
  5bde5b62b30365ce14f94d7546ffa015f4c07435211078c5e8767886b1438e361763c09d3e9e05193117e3c5e57bda048eda211b5e36132139ac690b5eafefb8
- SSDEEP
  
  1536:e8/zU/fGxBhO05YAoEYH7Th4F9dxMbRSPkJsBTAALlkWtOnCEePRQyo:tzU/8hOOxce5+beBTAALJOnCEePCd
Score

7^/10
- Loads dropped DLL
- Drops file in System32 directory
behavioral5 behavioral6
- Target
  
  91vpn(3.5.4)/91vpn/mfc100.dll
- Size
  
  4.1MB
- MD5
  
  07bccdcc337d393d7db0b2f8fe200b3f
- SHA1
  
  5a02b227cb0a22a8e7884cd138c3e8568d083d94
- SHA256
  
  bf38dda13b938b49a4df72b6477342373ee6e151be12c25cb0c17662fcb4bcd4
- SHA512
  
  e5637727a549cf7b88f13474097a71200f0dfa511ecd55c5a42e5f53e9f86ce8b7ce763448830fd073e232876f7537bad96f2ced8d3159558778460264d07639
- SSDEEP
  
  98304:BZP0PvxMJfTcXPSo0akd+BPSLC4IEy+XNy136jCfsqLhDIJJGN8mFLOAkGkzdnEe:BZP2iIE80qLrHFLOyomFHKnPAG
Score

1^/10
behavioral7 behavioral8
- Target
  
  91vpn(3.5.4)/91vpn/msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10
behavioral10 behavioral9
- Target
  
  91vpn(3.5.4)/91vpn/msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10
behavioral11 behavioral12
- Target
  
  91vpn(3.5.4)/91vpn/updater.exe
- Size
  
  75KB
- MD5
  
  1bf4e650ace71c93b6b768db6538fd5a
- SHA1
  
  9b4d3ccb7dc6db7167b00a9720b60f23c6237d7f
- SHA256
  
  3609ea382a9ea5fde45e9c7281a81e3706534a2a4db6bce068c03c07f9dee0b5
- SHA512
  
  c24882e9e131ab609f4f92d8824c444922d86c0b8cb5b71617bb4646c2abe59bf4030dff910dc0f38b7e7e559a37311512a762c08d47b77e4fc04643ef3e83d9
- SSDEEP
  
  768:Pf6DuCdfJSyQ8wXPGjH+9LE+31lwPfJHp4fgKIj6n9+6gOrGdzRleMM2DQvcZL+U:36qwS2y9LE+3DAHp4AVOS9eT2Dbqa
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  91vpn(3.5.4)/91vpn/vpnutil.dll
- Size
  
  750KB
- MD5
  
  2a85f60ed95582d66ebedeec374ea64e
- SHA1
  
  ad1b515b0b72e6d51563e89f40b23e62630c39de
- SHA256
  
  163399e825d23c9c019a9bd03a58328d365a5fc9f80af1e516ca7412de2c49e6
- SHA512
  
  cb2766a0bcd7f6979831f004e84b15df18ba33ad11d6ce20b6432845074e8249de72c906cd4900576831c21d09940b9e30b701db839b0aba299ff364d9e8b458
- SSDEEP
  
  12288:3ysfcCzYEjeYL89XikxFkPBs+OeO+OeNhBBhhBBdlrYj5cEwmco0LgUdj:lzYERL89XikxFkPnYj5zwmd0LgUdj
Score

7^/10
- Loads dropped DLL
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  91vpn(3.5.4)/91vpn/zh-CN.dll
- Size
  
  96KB
- MD5
  
  38b5032035c89460e2a2b65373131a63
- SHA1
  
  c463ed6295637980bfb1d397ac8ba556d53cbebc
- SHA256
  
  96db6715ef3dd940c2759dbe74c15c9e0be4b94f2a9661e33bdc9b6794f1ae06
- SHA512
  
  f855b813553164500405f86977f3bf68d928cd263d12306c97e28190cc5ed73c11807a01cd94e94a4c097018e865c9c108c625393ef281ad0fbd5e97665bf6c7
- SSDEEP
  
  3072:7HWhnZ5ceeV4Q6rwJMLUiXMlQZHIOzztDev:aL5ceeLeUMIiXMEzzc
Score

1^/10
behavioral17 behavioral18
- Target
  
  ͨͷQQӺ V.4.4 ʽ /EThread.fne
- Size
  
  60KB
- MD5
  
  206396257b97bd275a90ce6c2c0c37fd
- SHA1
  
  3cae4506a033cf7e97156d5261f2a247c6270f42
- SHA256
  
  64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c
- SHA512
  
  4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455
- SSDEEP
  
  768:r3gWNW3gyVNWTmOPMJcyS6K7viaViB9V5yHQ6Fq4oCaJa2OJK:TXkSTmOP0Cbu2BboCaKJK
Score

1^/10
behavioral19 behavioral20
- Target
  
  ͨͷQQӺ V.4.4 ʽ /HtmlView.fne
- Size
  
  212KB
- MD5
  
  f9a994df4d407bc79f7c84886fe7a654
- SHA1
  
  c93e4be70794164b7b339218cc832ac94074d08e
- SHA256
  
  2e9769ace867c79d5fcdda0eb2660c52b5e062c69b36add42d22eb0dddc4b3ee
- SHA512
  
  41b1333ed08c10aaef3d766fec2d6b2fa4c79001d7ce18a06918c2aa8c4ade69018522882bfd4543add31efbef5e7bb450511f80dc9b580eb022cb7c406a820e
- SSDEEP
  
  3072:16Is7zQckrcCmmIyREYf+le25zkSHAx9NnU7uJIgoPNH34pzGd1AOXu:16WmmZREYmpNCg9m0X
Score

1^/10
behavioral21 behavioral22
- Target
  
  ͨͷQQӺ V.4.4 ʽ /UUWiseHelper.dll
- Size
  
  284KB
- MD5
  
  dc6b73cbd1f6f5cec640a8c634ae50c8
- SHA1
  
  b83fd1c83c4bf4e9cb9339026bd877f11a72fc1f
- SHA256
  
  3148d4ce90265cf69bc75c62f5c3988c69c944803efd0092dc3499ac3c940c3a
- SHA512
  
  39ea04686c1688fc6de85949b65caec0380e322952de28f86da53d2ed628bf601834c19ec3e57aab74a7566b4e53ec325967cdc71827c0f678887314047162e7
- SSDEEP
  
  6144:kdMZ8iS+i99HLodnlw0jqXP5leLhsA7rQ1:2+i99rofw0jqXRleti1
Score

1^/10
behavioral23 behavioral24
- Target
  
  ͨͷQQӺ V.4.4 ʽ /dp1.fne
- Size
  
  128KB
- MD5
  
  07201b1fd5f8925dd49a4556ac3b5bab
- SHA1
  
  a76afbb44376912f823f2b461507c28d2585a96c
- SHA256
  
  abebbb0981d3d51eb63abcfa68be98da0cae4e6e3b143dd431fc845d1457dbd2
- SHA512
  
  0cf673ce1b6cad38f0211231e876f00f6a8397a5f3e71680046f4a216bbe0f47f4541e5f5b49364310e41a04cce14703459725c3d9f052f9da13624e73753e12
- SSDEEP
  
  1536:tiDSn+hfeTpCwAncpZ6Z8HTiQjl1sYiKG3oe/:UDTReTgwAcp9lqKG3o
Score

3^/10
behavioral25 behavioral26
- Target
  
  ͨͷQQӺ V.4.4 ʽ /eAPI.fne
- Size
  
  308KB
- MD5
  
  7c1ff88991f5eafab82b1beaefc33a42
- SHA1
  
  5ea338434c4c070aaf4e4e3952b4b08b551267bc
- SHA256
  
  53483523c316ad8c022c2b07a5cabfff3339bc5cb5e4ac24c3260eea4f4d9731
- SHA512
  
  310c90c82b545160420375c940b4d6176400e977f74048bfe2e0d0784bc167b361dc7aac149b8379f6e24050a253f321a6606295414ea9b68a563d59d0d17a48
- SSDEEP
  
  6144:yE+ULyjYsLavN8JFhOyccPT8oV2wQfRayWjG:yoWRVXUyhIoIwQ4VG
Score

1^/10
behavioral27 behavioral28
- Target
  
  ͨͷQQӺ V.4.4 ʽ /edroptarget.fne
- Size
  
  156KB
- MD5
  
  ca77aec89bd2f81bbef77ff26b88148a
- SHA1
  
  27e8eb70f218d5d085344fce21653dc31e0dda29
- SHA256
  
  1eaf42e6c734eb332f0edf7d3cf7c408f72b3267ae5408675d3604a6b23319d2
- SHA512
  
  985592f5a0c5916b1dc83079f17abb0fb4fb20aeb8b9a9d6ffd1b196eeda45d5d2393654cee3e6c1405d431f2fd55403ce734d75a948fdc56fea2d67217067cf
- SSDEEP
  
  1536:Mlmu0yIWJYXLgb70TeNBmcnJwm+4zzZj2cyowaIezzUSTqigIZntGoWkiOD2OWrL:Mlmu0yPSb+bSm+gZNKZfDoWkVTj1eF
Score

1^/10
behavioral29 behavioral30
- Target
  
  ͨͷQQӺ V.4.4 ʽ /iext.fnr
- Size
  
  204KB
- MD5
  
  856495a1605bfc7f62086d482b502c6f
- SHA1
  
  86ecc67a784bc69157d664850d489aab64f5f912
- SHA256
  
  8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf
- SHA512
  
  35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9
- SSDEEP
  
  3072:qOs+pOZXaFAO0shQe9lkvelFv76OD5KoUThiL5t3gIn:C+0cB+vebJ6iLTF
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Loads dropped DLL

Loads dropped DLL

Drops file in System32 directory

UPX packed file

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32