e9494f781813c9721d83f6b3d087f8f36db9eff5da568564697f0ff45038cf98

Sharing

Copy URL

Twitter E-mail

General

Target

e9494f781813c9721d83f6b3d087f8f36db9eff5da568564697f0ff45038cf98
Size

15.6MB
Sample

221127-r2nenaaa9v
MD5

f796b03671447929e8047546f4f8f49d
SHA1

4d77bd7dd3c95fbd65c7b0259be050d718270e7e
SHA256

e9494f781813c9721d83f6b3d087f8f36db9eff5da568564697f0ff45038cf98
SHA512

4449b0bf720177b0ac01b5e775b404a426fd9b0cbe7617f76243896a62d174f1757272c8e419e9c1a91471efe6d8d399ceace02b9ad20a7dd45817712f07f28d
SSDEEP

393216:ay28NLuHz6iHiS5CiS0ibA8eSLsralugzYHKM0lV69fsc:aQwJHJCiS0JeRgNgs

Score

9^/10

Malware Config

Targets

- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/3K引擎M2说明书.chm
- Size
  
  832KB
- MD5
  
  b961af6847c50e3fbfad9dddf0571811
- SHA1
  
  f5ecedf097181c9816082459fe46eb06e2ab4fb7
- SHA256
  
  94a58122712d79d18214ba2d4c676c03533bfceb3d32914161fbb0eadc97c4f7
- SHA512
  
  c69815680f800d3b93cdb54462877dfc850efd19053d19493546e21fa27ac4875eda67629d92a068591ed01ae99b402d6b3e3328a68d3bf56c818581962ac625
- SSDEEP
  
  24576:JV9Jnm6H02ZgqM3kWmUtJlOP2HO/dW7gD:DH1UZs
Score

1^/10
behavioral1 behavioral2
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/3km2.com.cn.url
- Size
  
  187B
- MD5
  
  f2b2a3fc83bd2a514240f88f7d81cdcb
- SHA1
  
  f8f496bb310d030a7cce278db2e226ced284edd2
- SHA256
  
  dd5c64bea3a3f7e8b3b3384d1ed134d34fabdd547c6b2930377ba73ccc28599f
- SHA512
  
  fa2e49a23c0ffcceb288370767abe8d8b251b070934d155ce6b67dce076d2d3d09845e9102dfbee27568b0d3ae3c2342dd9f1bfaaf0d6481074c12ad0f916328
Score

1^/10
behavioral3 behavioral4
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/DBServer/DBServer.exe
- Size
  
  485KB
- MD5
  
  09339d8bf1c5891db81737c22dfb9dc0
- SHA1
  
  88f86c6195a3fe12e40250287031e3203d93b0fe
- SHA256
  
  43fce1808e399bcb2a35cb7d9c18a3c44df01c0e3bf3e2d1cc69b459c0782ed1
- SHA512
  
  5a83f287b53540cb877eb2185be89401838c4959c1fc5b2cf6eefb0ffc93424b16c4f0c3e15af7157d00793ce9f2d97864b7418d36f477816d8e5608baf72bc8
- SSDEEP
  
  12288:sYxJQY+YdZR4gFfzqjldvP8zasz/Ct8mQWtmQ2go:XxCY+i7TfSFvQC+tW3
Score

1^/10
behavioral5 behavioral6
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/GameCenter.exe
- Size
  
  508KB
- MD5
  
  1ed1c217b9687078ae3d6a0fee0d45c2
- SHA1
  
  5c1f3b7af2ba906d4bece854e37364142d5e420b
- SHA256
  
  e231b72ff94084ce3d98f7c9f9b98824e437e90fd1469922a4fcbbc2e35f768c
- SHA512
  
  c12f909f386780c3583a7d73626a069089f2f0e41bc6e5683add66cc19fdff7eac0d3e49e31fd23c07e7a776f5eabb907dcf88a1b1670226c79bbadd141f4dc9
- SSDEEP
  
  12288:roNFBhCGm1Godt78LxLNk6tW9eWILhDwtXg5KpeQZ0772bpth+p:roNXkGm1RdtYLxo9eW8Dyg5KpD0nuptw
Score

1^/10
behavioral7 behavioral8
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/LogServer/LogDataServer.exe
- Size
  
  383KB
- MD5
  
  64cf2cfcd2503c486e6957a569c0dc76
- SHA1
  
  77592007a54ece0327df90a7096f27652e9cd665
- SHA256
  
  dcee4f53b38c5424ee128dd153a47d4e1d8086ca90f2c1fab4be29bc8ca02cf3
- SHA512
  
  96772724daf228701b434490963a3cddaf022634ad4048a1dc34d9f683f991e3b31adfde6599be23774343e48fdf82772170e0eebfa52487cf0e40df834a0a2f
- SSDEEP
  
  6144:QcZwt8EL8UgzFJJpOYTELbsu9IBXmv9gt722JqgrX2g8VAU/VFSOu7AtUlRMV3F:zZahYN3w4ZBKgdSgRyVFLrtUlRMV
Score

1^/10
behavioral10 behavioral9
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginGate/LoginGate.exe
- Size
  
  480KB
- MD5
  
  3dd9be1401c813af75ec398b3f57c028
- SHA1
  
  eb60adab845f21998bb59ff9e4a428e4c2779cb4
- SHA256
  
  808595de42bf3c5df1583fd0088c8a36d88c4217acc81be565e74a8a49b8a2ac
- SHA512
  
  1100605268953a2cffa72213502ce4db32984165a17c1e57656cda883a3f887af9d379e2edbf84d7f5f1b5a2a0629bf7eab008d0f713962dc104340d2008001c
- SSDEEP
  
  12288:hcsfv2muayPvLGBFBSjWA95mk3AktuebnQgyV8JIiIb:b+fbbGBFBSzmk33Aeblgb
Score

1^/10
behavioral11 behavioral12
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/LoginSrv/LoginSrv.exe
- Size
  
  333KB
- MD5
  
  c07b785b690fb9dfa0b404c6e69a7001
- SHA1
  
  b236a4720d6ac9426f40195fa5619a8c6eb24fff
- SHA256
  
  27f4d216da33de9541a9e30702caa1ffeb68ca6e3e904382d3f8b1aba79e27b1
- SHA512
  
  47a0904d5d7a2143795e41ed7e6b8efd6e2816f502748921d0f3dbf53bd5d83ba041926b0e458aa5f3423f3752c6454074af9d8b9189138a1e9ac04946cd493e
- SSDEEP
  
  6144:LOzLPjdf+/66Z5TsfkRumVMPz3apGeAyx8WXc5FshwBWJg6djNVYmxtu+:LOz/t+/phckwJr346eCF9WZNntu+
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/IPLocal.dll
- Size
  
  708KB
- MD5
  
  8b1cc052a316b3d9c987638e090dc30c
- SHA1
  
  8a786247ed4b8e3b3b23894a40a2662bb6bb864b
- SHA256
  
  ec68caf90c61e2c3620154c562f306d3104c99855ee2d6cb40a390003cc21c13
- SHA512
  
  fd8f4f5f73756472268acff656b3064858d5dbd98643d2bac27eac4ac23ea51cae30bcabc3a209d466cec72c634e4de06f93345eae49d864e596a3a5c67f3674
- SSDEEP
  
  6144:wacWxKtTHt9kwZ7oCSr/eu+zYJfnWV3j8MXSnkxHepk1NHwgIDLL5fKH+c:wacWxoN9kwZMCl3j8xn0+pk15ghfKT
Score

1^/10
behavioral15 behavioral16
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/M2Server.exe
- Size
  
  3.4MB
- MD5
  
  c2da6a2920b67b4c888c7209e55e484a
- SHA1
  
  296d2aec76116c25b3550b52d80d94440d3a783e
- SHA256
  
  e9be4facf1882e685aebe9703664715523c21995fdf9c19197da9a0a6adf8f4d
- SHA512
  
  edf04caabe60bef22e05075496eff89c40d6ecce4eb2f717a3881596bc3d0953bea594f125725893c274e84de9b9008a076a52126e2da87d1b210470d3d57144
- SSDEEP
  
  98304:eQ8PU3vL2A4ZMNbEhy7DpeSrsK+AZH2c4+:h8sh9y2dXfZHR1
Score

9^/10

bootkit evasion persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17 behavioral18
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/Mir200/SystemModule.dll
- Size
  
  1.7MB
- MD5
  
  6e00bde454e5c87cd6a4c0abdc698c89
- SHA1
  
  9f9c5d03f1ed8fc40b7f1560fa3db94c0b8a2b28
- SHA256
  
  b66ff82da730bb8021fd28aa9f7aa7d6c002a9ade9f64e14645a51665723c5e2
- SHA512
  
  fce79019308bf11449f88d52c746ec4dad624c5f4ec03d8b9a1d4cc95dd1a4997513676160eb03101bb041c30970ba7e93df5dd38d39ceac3b935ae74d0de489
- SSDEEP
  
  24576:U9kBIWxwSHJvOqByWQH0qYCSIxRJsxLwWfu7bOaSKN/6ZqlRIV+BEl6SujwK:nBINc2qBLlCSQxGuPOyl2V+UL0wK
Score

9^/10

bootkit evasion persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral19 behavioral20
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/RunGate/RunGate.exe
- Size
  
  371KB
- MD5
  
  3555f6b20c2e139a846ba0a6fd31aa97
- SHA1
  
  0941ba558b4640b2d46c6c6ba26f90be4546e3ae
- SHA256
  
  4584bfec89ae175834a47df600c98f054584cacf6eef4919f973b13c41674917
- SHA512
  
  e9a5e770295eb527895ea667bc81a5feec6d1379d4bcfd788056e6187819e806a0a37c1410687ec2bb9edddcde674ad86c648eaae6a9037ca6233bef03a0a6dd
- SSDEEP
  
  6144:vbBBPs6RIjBAarBQrFrgTRKrYNfU6spHn7zCA9upZZhiqD10NV1s:zBe3r0ZgFAYNfU6spHfC2upc81qs
Score

1^/10
behavioral21 behavioral22
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/SelGate/SelGate.exe
- Size
  
  296KB
- MD5
  
  80bfe461c0a4df0f2a6dc808aaffe86b
- SHA1
  
  000817f018c43f2544037e6b45431d8bb0592c1d
- SHA256
  
  cddee7119496376779c2184b68438207d63e889a5ed4cfe47772530120b099cd
- SHA512
  
  9204d28b824f5223d486820d4a6de02ec503236c856f93bb97587a60c1f6215a0b137fe67a0d95d2adef60eb84840cb01ca3f9a073a6ca48c8de13aa7f179844
- SSDEEP
  
  6144:wxp2Iqw3fysi6BAgsmouJXkwlyxHZ6IVsYzdouRKCp+mhbC:wxIIqwvy5yfouxS6I5YC82
Score

1^/10
behavioral23 behavioral24
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/副将数据转换.exe
- Size
  
  406KB
- MD5
  
  a89c4a9a2f623c0fdd6c9fea68735bb3
- SHA1
  
  b012a26192769a56a92446d820b06c902b06b08a
- SHA256
  
  7f76aa96812819466576b11711efefb0b4e52be89b4e7c4b02cad717c6ae960a
- SHA512
  
  fed6f747bbcea8ef611547db973dad24952e77dad4deb483e68de1ca77bc066cec9fe4fef9c96cbe19bb54c79c6950d434030ab30539e7224e0bf1b4f93b8ba8
- SSDEEP
  
  12288:r39e2xgs3C9DOqLoBXkoXfp6gmplCMMVo:rNvxgs0DzoBBogGM+
Score

1^/10
behavioral25 behavioral26
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/合区工具/AllInOne.exe
- Size
  
  383KB
- MD5
  
  1fd69fe8016fba4696bbc37e47be3f5d
- SHA1
  
  00baa7eda6753f25add8ec64bef239feae99f1a9
- SHA256
  
  f1ef5d0962735eb6341b3c2cbd6c5c4ee3c74071be4c721a36a26fd5c1e394f0
- SHA512
  
  40f1b350ef39585ece7cd06f09c84931c785c139c0e597ea11700573afee16bd8563af716c7b4a70aa854d130ce3210d0c855c8ad86b5da7adbee41cf54a4a53
- SSDEEP
  
  6144:0uI8TbCceQIRjFkrDPqSZP9wTjdaB7NLrsyNotHVP6Fa36c:5IXxnKDSCmTjK3sv1VPSaK
Score

1^/10
behavioral27 behavioral28
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/开始更新程序.bat
- Size
  
  764B
- MD5
  
  36a3f6229863c32189d31d261a9fa647
- SHA1
  
  ccae052c897e053f8dd16fbb388c4fb3e64f548f
- SHA256
  
  d0e860ab0c36dc5f031128153fdb3979407c3a917a6485b73fd096bf1c3a9eae
- SHA512
  
  2a8c3605e4a3860aec187f20d19ac129281f2dad8597bb884872578832c480a894ea327f925dcbd5dfb8c437910d7729b9f7cf0af61dcfb13d206c2d9a567bce
Score

1^/10
behavioral29 behavioral30
- Target
  
  3km2-20120528[1117]/3K20120528(0404)合击引擎/数据升级.exe
- Size
  
  407KB
- MD5
  
  49ab59f5b8405721b09797642296c1f4
- SHA1
  
  01bd8bd414bcd1c145828488acc0678d5513672d
- SHA256
  
  6b80d96d18fd937eabcccb7ca16994a8f93a481c319fc15eeb6570ad45745508
- SHA512
  
  c63ebeefc91a9b3558be510efb150783d37bbde07be23a1c9a88ac08ca23a07855e06f3240b858ee38490fc45a80436652fd92daf0cc27a4970775f53e8bd403
- SSDEEP
  
  12288:n39e2xgs3C9DOqLoB6NPBroi49fH6ItZEIJQiYdhv:nNvxgs0DzoB0PVoi49xRY/
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX packed file

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Identifies Wine through registry keys

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Identifies Wine through registry keys

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32