Overview

overview

8

Static

static

8

大天使�...��.exe

windows7-x64

8

大天使�...��.exe

windows10-2004-x64

8

更多软�...��.url

windows7-x64

1

更多软�...��.url

windows10-2004-x64

1

飘荡软件.url

windows7-x64

1

飘荡软件.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab49367c7151cbcefe3e962e52581e770706511e97c155f080b567314a07c53d

  • Size

    5.8MB

  • Sample

    221127-jnvb2sag85

  • MD5

    f2c4f6e771beecae1d0e4aca2b10d80d

  • SHA1

    7b4d0eeae6e88f4ab0b724378d79e483a9da875a

  • SHA256

    ab49367c7151cbcefe3e962e52581e770706511e97c155f080b567314a07c53d

  • SHA512

    fd62d428e363aaf6cdfa3f4f4fc9d5df7e22b65a35ebf5409847fa8ba2e4271fcdcf8719442f3ee209eb0b68854e83bce0544b83c62a2dd63ed5d8b8897f2f91

  • SSDEEP

    98304:oJPrZBQE6Ojple6E76tC4ubMEbuOwqdbX/X6n32O8wYgKEQSe8uKIWV:MQEPtM6E7kmtu8Kn3ljCJKFV

Score
8/10
upxvmprotect

Malware Config

Targets

    • Target

      大天使之剑夜涩辅助.exe

    • Size

      5.5MB

    • MD5

      8484823040622df32740e9e0b8bb221b

    • SHA1

      798c495077586d8ed08d3417c959a00ba944169c

    • SHA256

      d14b2204c5825f10d9aad519cdb35e9f92c71b977f87fb798923669b62f0c668

    • SHA512

      3bb32eb95003d5105bb32dfff13d64c1a95516f8152a9a0b78933edca5b3e54e4d4eb7c843f546747a3fdf74ff337572d44c15ab0d0dbdc4dec579b85cd37d1b

    • SSDEEP

      98304:ngj85qZ8zfRrH/LaVhnPhpC1n2420LqFtHL2d1yl/civOkzZBaWR+:ns/ZIfRzDaVhPHC1Y0LExLh+bkzZBaWR

    Score
    8/10
    upxvmprotect

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      更多软件下载.url

    • Size

      204B

    • MD5

      94e540428ac8f3545fec78c2b3dd8c0e

    • SHA1

      cd46c366b68af03fc8fa4fa097f9815d43e4c2e8

    • SHA256

      357214eb50712a5c8663ef263c458cb4ebbbc27e64d73ab5e32c82f60a7b80c8

    • SHA512

      3c7876c3a18e1ba98329392ac1b940c479552b361386ce3776622ae557e4d3d8cee045d162a614a302a603cb4615024258703e0652f41541e043fcf7ecdff539

    Score
    1/10
    behavioral3behavioral4

    • Target

      飘荡软件.url

    • Size

      320B

    • MD5

      c404bacb30424b525bf6dfcab807f461

    • SHA1

      4fdc923fbbeafcb4ee150f4f82597ae72d1f4df6

    • SHA256

      8dc8673d85feb2d358e80a498ca7e649b46b8af119ebaf32126099df3cc5fea3

    • SHA512

      48b370b8a2a81ae5f3f57752b06f119b8bea0efc19b2ccf31683b5a9456ece68200ee2fb7826bc24c598311be925829be8084e1535f61330d8b91ba4b8d5f74a

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks