2569c3c02c007e535773d74803faa9e5ebb3b4bb3c0eff1741c980edacccf863 | Triage

Sharing

General

Target

2569c3c02c007e535773d74803faa9e5ebb3b4bb3c0eff1741c980edacccf863
Size

5.5MB
Sample

221127-hjb48sfg44
MD5

4765a4fee8e92178c6317de3b4956a6e
SHA1

d8577e806e350b175fbcfefe20b1a75c1036336c
SHA256

2569c3c02c007e535773d74803faa9e5ebb3b4bb3c0eff1741c980edacccf863
SHA512

25959d38c800fc99d849e9b5e596fd564ae9209e54cb011dd09539bcf6ca3e6295b5313d5f187c6497ff0ffd58cce76936663cab77154a4881f1adce0f0b3edc
SSDEEP

98304:zYFCUg6zmY+caVnfusE61HZdy9eeJlqy4ST2Pah7sdERZEsLF51ilhPBE4GtyiD:nUPd+cqG6gCPayEEsRMdBzuD

Score

9^/10

upx

Malware Config

Targets

- Target
  
  bwwxyxw_gr/SkinH_EL.dll
- Size
  
  86KB
- MD5
  
  147127382e001f495d1842ee7a9e7912
- SHA1
  
  92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b
- SHA256
  
  edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc
- SHA512
  
  97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d
- SSDEEP
  
  1536:s5Np2dgZgIehUUS3E1Ujmrvl179D53UWnGQRJZiXRmrCnKptnouy8K:s5Np2dlUX0+Cx17F8QRJZKmOK3outK
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  bwwxyxw_gr/dm.dll
- Size
  
  804KB
- MD5
  
  c578b6820bda5689940560147c6e5ffc
- SHA1
  
  922e50d89c9c44bdc205ef17aa57212b64e58852
- SHA256
  
  3b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389
- SHA512
  
  9f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85
- SSDEEP
  
  24576:3rhlxaCsVb6KoTpZCFg6DTk1F2RjkjCQG:VWCsVb6KUpZ+hDg1F2d6
Score

1^/10
behavioral3 behavioral4
- Target
  
  bwwxyxw_gr/reg.dll
- Size
  
  5.5MB
- MD5
  
  bbbcfa4e934122ba0a96a9dff367cf5b
- SHA1
  
  3346a1ed1fdb4c33bc1956338f79f08f6dd34f26
- SHA256
  
  e11337c42792606196eda4a6f9c9cd22cc9ba59feff9acf74022fb46fbdbf5b1
- SHA512
  
  76d337708b20086888e5f3037d29f8a37bfd98f9eff125f6f2dd4bb5ae823c1ac76cebe54383bbb8ce038d27bf7f86bf96c6f585e21bf7c1c80e9b7317e63337
- SSDEEP
  
  98304:WGdZusmwYqdwkLcHHj5SbWf+YFCNK1oLZliOuz5+If9kuPJGGf6iOdDEvJ:v5jAjQaf+HNKcqkwG46Jw
Score

9^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  bwwxyxw_gr/更多软件下载.url
- Size
  
  219B
- MD5
  
  122e953f3a92541c27cc62db2d9bb0f7
- SHA1
  
  5c85d98b4bce0daac9631297ddb00b005161d131
- SHA256
  
  5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd
- SHA512
  
  77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583
Score

1^/10
behavioral7 behavioral8
- Target
  
  bwwxyxw_gr/霸王微信营销软件.exe
- Size
  
  1.3MB
- MD5
  
  9334885d21586062eff80dbef52e1541
- SHA1
  
  564f8ec68172311ad209dfe843aa955da1959f44
- SHA256
  
  85b8428400a43fea8f27809538a04fb3ec403a2ca88ee852534d4efb7ea1b28e
- SHA512
  
  c682abf4a9a4a8e5b9cc6ae3cb6b7fd7347a9c95b36adf162ec3f555ecd6d748aaa6a248b0647ef3c3de079ab9b2a51e2ece23f4e2379589468ae58ab8f69c21
- SSDEEP
  
  24576:SJyhowCsDm/XBK6TZaqdiXSp0c02uFG6dAk3xM5:7ob/RVTZaqdwk0c05HGiM
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10