Overview

overview

8

Static

static

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

逆战嫩�...p1.exe

windows7-x64

8

逆战嫩�...p1.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e2d18ab230cc779e34752b45e5407a14897f99d95d738a173dd1a397061e5bc

  • Size

    1.4MB

  • Sample

    221127-jnftnaag63

  • MD5

    5f8690b61c60b3b94e56cc9abfa5f6e4

  • SHA1

    751620ca1bec2c6593b23b06c7bc6e0db3f2f8a4

  • SHA256

    0e2d18ab230cc779e34752b45e5407a14897f99d95d738a173dd1a397061e5bc

  • SHA512

    ceacc65c33d51c2dc43a6cdbc394a115d6f3019ebf18939fb007c4a57a9faedf1955556e1b1a26326810c74cd6c1ca72ef6075328a1a3e3937b794986c5c5a95

  • SSDEEP

    24576:tIMl75uVWx6zVs422YbD4yGcBgHNbZu8J7sSkF2l8EfKz1NMO4KGakhASGOTV:+Ml14Wx6TB84yGcmHfuyflezbMWGsBOB

Score
8/10
upxvmprotect

Malware Config

Targets

    • Target

      新云软件.url

    • Size

      217B

    • MD5

      e5e80be1cf1a1b2af35991aed091c827

    • SHA1

      79e02d122cdf24da7e59044b4bf83572242b4c71

    • SHA256

      1016d243a1266c9970996f2847639ecefbecc361cd98fb79d27d048eee3dd69e

    • SHA512

      b926f6e34e0e9e260a8f6e59ec8e660af0fea09de91140d968cc7665ea45f840a8951f4a1c0400bfe384d2e269159febfc5e32981b863b9d97830f5eb2521705

    Score
    1/10
    behavioral1behavioral2

    • Target

      逆战嫩草透视辅助1119Sp1.exe

    • Size

      2.0MB

    • MD5

      1ef927006683a9187cc55c8efe36e256

    • SHA1

      bccb3687d7ce6caa1c8c6d1ee21e99aca9acf21c

    • SHA256

      6854daefcb6bf04e35ccdb1bf08ce75315a3fc8bb19d0182a7eddd5bfe4ead7b

    • SHA512

      0d76cf765eaeaef62f104fc9c6b2d9bb2a401c39e72df7fb2199b2348b5b3f482725f098125b6d443f0dcccef2aa495126a5b1e025be0df1b9b52ceec67d87b4

    • SSDEEP

      24576:uBoJKz7+Ze0/r2PEw55c2wTYs42cYbDyGWBVGZu8BlscURb+bo98Ef1gFIo4KGqI:upz7G2PxJhAyGWv4uAA+cRgFIAG2SWs

    Score
    8/10
    upxvmprotect

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks