Overview

overview

8

Static

static

0909iocp�...ar.bat

windows7-x64

1

0909iocp�...ar.bat

windows10-2004-x64

1

0909iocp�...dow.js

windows7-x64

1

0909iocp�...dow.js

windows10-2004-x64

1

0909iocp�...dow.js

windows7-x64

1

0909iocp�...dow.js

windows10-2004-x64

1

minilzo-2.02.vbs

windows7-x64

1

minilzo-2.02.vbs

windows10-2004-x64

1

0909iocp�...Lib.js

windows7-x64

1

0909iocp�...Lib.js

windows10-2004-x64

1

0909iocp�...ay.exe

windows7-x64

1

0909iocp�...ay.exe

windows10-2004-x64

1

0909iocp�...s8.exe

windows7-x64

8

0909iocp�...s8.exe

windows10-2004-x64

8

0909iocp�...ock.js

windows7-x64

1

0909iocp�...ock.js

windows10-2004-x64

1

0909iocp�...ck2.js

windows7-x64

1

0909iocp�...ck2.js

windows10-2004-x64

1

0909iocp�...vfw.js

windows7-x64

1

0909iocp�...vfw.js

windows10-2004-x64

1

加键盘�...ll.dll

windows7-x64

5

加键盘�...ll.dll

windows10-2004-x64

5

加键盘�...es.bat

windows7-x64

1

加键盘�...es.bat

windows10-2004-x64

1

加键盘�...ar.bat

windows7-x64

1

加键盘�...ar.bat

windows10-2004-x64

1

加键盘�...rv.exe

windows7-x64

3

加键盘�...rv.exe

windows10-2004-x64

3

加键盘�...ys.bat

windows7-x64

1

加键盘�...ys.bat

windows10-2004-x64

1

加键盘�...nit.js

windows7-x64

1

加键盘�...nit.js

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1717bb76bce63bd34f4ee9eb5449b510e9b787b7d5ce5edfcfe7f81bd00c6fec

  • Size

    2.0MB

  • Sample

    221127-t5y2nscb62

  • MD5

    33eb3d4a4ce94d11d792cc0847a40c92

  • SHA1

    98581e9c6bd09740d607757a6ab3d9d9c1c36bfd

  • SHA256

    1717bb76bce63bd34f4ee9eb5449b510e9b787b7d5ce5edfcfe7f81bd00c6fec

  • SHA512

    2c35519b06929f5cf01ba7df20ddf3c72b26e2fe08649d66188bfa2b155eeee6ef7122cbce76957629478f8a97f09014089590d0085e1ed1987b008f0bbaa65a

  • SSDEEP

    49152:ii9fzmmckVZ/nfJnQkkK+bqHbCG+Yr/zssb6d3kRhNFn9eQYK:7fymckVJnedtgbT9Bb6d2hNFn5YK

Score
8/10
persistence

Malware Config

Targets

    • Target

      0909iocp控制端/clear.bat

    • Size

      184B

    • MD5

      f653785b837e56eb207a7ce43b51e2df

    • SHA1

      8ca526ced360b34a85fd140c47dd49c6c55a1561

    • SHA256

      8700c8c7301040ff9148ba1ad78030d5e7f50a010f4d678b95f99278321e01f0

    • SHA512

      c56970cb67a42f533d327a5db2794d3933fd3adaac5bd50a93684cc8729b3b6c54ff5ce9237a87a02a6c5b45745c1b7de152bef35ba69ed4c20b637bd50fc7c1

    Score
    1/10
    behavioral1behavioral2

    • Target

      0909iocp控制端/主窗单元/MainWindow.pas

    • Size

      40KB

    • MD5

      e666a244f25dc9baf8f54dd849030eab

    • SHA1

      52c55bf9535f9ebd38a67844fc7f4c0a3eb9680b

    • SHA256

      56c9777e5ddf1aebfe733a6a0a63c4223061b3159ed4c0597ba8715aadd62209

    • SHA512

      bc55e4609a3494e4850e07f7af75d7af8d0ef3e5f6f9e0442ad3fbfb105d4f75939a9d56d8556decfd58ed5118c1e94b6b25d4e6c3fa1faefc72ad69264eac8a

    • SSDEEP

      768:xeVMgllzaI91aa2X1rafqjBa1VPan10aN1YnF1UHE1HH61yJVBmbLZZ:x0Me2Ib2IfvWvA4ivBc

    Score
    1/10
    behavioral3behavioral4

    • Target

      0909iocp控制端/主窗单元/MainWindow.~pas

    • Size

      40KB

    • MD5

      373867d8e96c65a529af2bddf4b73115

    • SHA1

      15a8cccb7e325b01a1a05215176b91eefa611184

    • SHA256

      6ab545378e0ad577d8c3205d2a0e09be87ee79ac208e373f4ccd65ca18edbba1

    • SHA512

      3ddb60bf88fc9680b10b8b3d76754ec924bbb1650dfcfc78e272692c72c388641f222cac098aa4061fd0983f46e12a0de7bb2dc146dfa5f9d3741fac7d69d711

    • SSDEEP

      768:xecMgllzaI91aa2X1rafqjBa1VPan10aN1YnF1UHE1HH61yJVBmbLZZ:xfMe2Ib2IfvWvA4ivBc

    Score
    1/10
    behavioral5behavioral6

    • Target

      minilzo-2.02.tar

    • Size

      230KB

    • MD5

      070dd799f5048c10fc44b04de01796d4

    • SHA1

      d45025ed708de83fa6386dede0652bb51686fc1d

    • SHA256

      6499210cf545232be14c982df5a7f3b1ba08bf5f3596dcafeaa0e3fa5e4de21e

    • SHA512

      9a7f34cac2ed3321b28eb2bbf4b38c52fc5ce38b22d142f8857af2de09c1dfa2d8c7cbe5eb5defc0ce6962e1fc6b2c932a61aeef868c4384ef03f6ca3e77c84d

    • SSDEEP

      1536:ikIn9jhz9ocQh1sRmgOwqoVmWmvzecdX9o3weGms+6In9jhz9ocQh1sRmgOwqoVW:WJ0rva3kmbJ/tXFrvrN9fm9kbdR

    Score
    1/10
    behavioral7behavioral8

    • Target

      0909iocp控制端/压缩单元/zlib/XiaoNiuZLib.pas

    • Size

      8KB

    • MD5

      7ccc873ee73e7cca5d7432a790d8fb82

    • SHA1

      bfed763596568eb73ca4861148348a71f3702b96

    • SHA256

      69859e4426bc914ec65bc0b73075085cbfac13907de7b7ff4d12af65643a5551

    • SHA512

      be56c51815eb85b7b131669901642baeb97e8002d0a87fba4e065c551e2fc4cf391b14d1c3b29f1a19b3fde712a7263d5634086ef552fd272e62b25e51553b6a

    • SSDEEP

      96:Bg3sBA5w4ZGcs7c3HsXLxoy+IB2axObb6o2cSgiQCn74L0sDHmAmc0pBINc:2CmHqxH+IBzObbrxi9+0ymT

    Score
    1/10
    behavioral10behavioral9

    • Target

      0909iocp控制端/播放器/Play.exe

    • Size

      397KB

    • MD5

      4b22bade1e8520bf9bd0761dce3d2764

    • SHA1

      237de3d72f89b62a4063e6368928e184052c5d8e

    • SHA256

      bae32108ff418f222cc2f6f2ed924a4c9f309873b7cf71a986029af054c8481e

    • SHA512

      9661c1f296ece04ee6004e6a57109940d70d1a06022d3aea7edd8e26eaca230e7b2e69a4baacb97513392c96c7f72b7386202aae83c669a1dc032f2608f19d5b

    • SSDEEP

      6144:va98OISCZjsi5BIxGwB0Gbh9BSKVYv6uZF9AA9iD442CQUlzLyp5l:wIbZoizIxGM7UK2BT9AACQezLA

    Score
    1/10
    behavioral11behavioral12

    • Target

      0909iocp控制端/服务单元/wmpcdcs8.exe

    • Size

      774KB

    • MD5

      4a25a40a92dc5d1b7d10133fe782542d

    • SHA1

      48677c9374805a907f80d3a2855ade615c487e00

    • SHA256

      5b66340b8d4622fb794363c70d3775d477e132e7d073ac5a56c50ca09b1ec5ab

    • SHA512

      be1de9fb67dbf1893083358faded6837563a150eb443de0dee23aeea94550e437e6dce9befc0527918ebb55535e379969853f9d51a4c96cfad37483179e7c1c7

    • SSDEEP

      24576:4HsYtI0/G0XdQEcyRSlpyzrGt0Rh/hlQWHtvW8NOZunaO:4M8ID0XkgGqRhpjNhAZux

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral13behavioral14

    • Target

      0909iocp控制端/网络模块/mssock.pas

    • Size

      922B

    • MD5

      22dc27afa4ff370bd6577616eea5bcf8

    • SHA1

      87598571d0ce45768bcce8473f7e6a263af2ce6f

    • SHA256

      26eeac4e90e194105ca58ca8d0192f4327d004cc6b6aca461d3a935c6413e6ed

    • SHA512

      9d30de343972c10dca71378705f658fecad450eeae29f9e46275041222d276a30a3b9a2f41b9419a4c52b3eaa48d1f415219bfa450d7dc6a0949120e52209a7d

    Score
    1/10
    behavioral15behavioral16

    • Target

      0909iocp控制端/网络模块/winsock2/WinSock2.pas

    • Size

      67KB

    • MD5

      53b6b6ad2c94dab4e8e1553bf2bfb5b4

    • SHA1

      d94fe69802040e4bd0a7e387b07d4af6d444eb14

    • SHA256

      91fbfdd12d2631f7a83166ab1e5f7577339631ab696f37be6b625e01d2b1474d

    • SHA512

      ec6290918d0c98bc37c491d1d4f28576f288b6b8d381b52ae691315226dfcfacc4ac6dea4d3d81927731f585384d58f71d6673cfa5cb43fc8b4c4f3029e183c6

    • SSDEEP

      768:qVk1f0r84iP1cAjcIl3dQqosO5zwUYBotof0aewVqPtfxPnKmd0q/sJpX7Oppn7b:qg48B9JgqosOVwUYBotJkqPtfj/sXLC

    Score
    1/10
    behavioral17behavioral18

    • Target

      0909iocp控制端/视频单元/vfw.pas

    • Size

      186KB

    • MD5

      91fdc9280133c4abde69c3219b9924f6

    • SHA1

      b4cad13f3230f95666a6004af93201ed48664e8b

    • SHA256

      1acf0329356142a1241ef949a8cffa01c308b2b4fef80b2b4e45baa666f424f9

    • SHA512

      a468aa1f283e470e9f89052d550bff10bc85e9ef5c3f08175ec69e248583564dda0d12f06749e5e7a5687a97fa2cd71246728c1e6917e57ee689556fcb83ebdc

    • SSDEEP

      1536:okt47yuP6bLBrm4Ae20BYvr7xmbZCpgrY4S2YW30e/f:okt4xP6bLBK4XqvrAkpgUW30eH

    Score
    1/10
    behavioral19behavioral20

    • Target

      加键盘记录dll/加键盘记录dll/VIPDll.dll

    • Size

      119KB

    • MD5

      875844cd39acbba37ec4b8a2ab63ef5a

    • SHA1

      b89fa888f2459a6c621e59b1814605d8de5e7265

    • SHA256

      044d4b93010ae485afed580339cd184d38c093e27ab4e29af9f563c853286b1a

    • SHA512

      bd4e9337fb2fa17f0c12d356e16d8d658d8a81765af9cdbdb3c001ae055189d31dcb26e72dacfb5b988023861afe609e6ff4fc08f2b910252f7a41785dc62acb

    • SSDEEP

      1536:+SFTXOm/CyKFNHcz9qSutBdyvGCEH9eF0LBLxbKZ+:+S9X7FKPHcRUtBwvGCEFFxbKZ+

    Score
    5/10

    • Drops file in System32 directory

    behavioral21behavioral22

    • Target

      加键盘记录dll/加键盘记录dll/Window-create res/BuildRes.bat

    • Size

      29B

    • MD5

      9251fa3c44e722a4891d35c0d8349cf0

    • SHA1

      41487c7e55ea59f8248e5f2ffe90f89035584683

    • SHA256

      f1c226a1891e7241131e60169b51e518e4977f9fd2a37ca6ca825545071692a9

    • SHA512

      089cfad7a0492bb4c2da20510c355843e3b0eff747ef7a953e988ea2f3a1bd5bd90f87864e0e8c14263fcbf8904e875b3ab429036a75701edfae556e0118a469

    Score
    1/10
    behavioral23behavioral24

    • Target

      加键盘记录dll/加键盘记录dll/clear.bat

    • Size

      184B

    • MD5

      f653785b837e56eb207a7ce43b51e2df

    • SHA1

      8ca526ced360b34a85fd140c47dd49c6c55a1561

    • SHA256

      8700c8c7301040ff9148ba1ad78030d5e7f50a010f4d678b95f99278321e01f0

    • SHA512

      c56970cb67a42f533d327a5db2794d3933fd3adaac5bd50a93684cc8729b3b6c54ff5ce9237a87a02a6c5b45745c1b7de152bef35ba69ed4c20b637bd50fc7c1

    Score
    1/10
    behavioral25behavioral26

    • Target

      加键盘记录dll/加键盘记录dll/serv.exe

    • Size

      120KB

    • MD5

      d8ab911891087a6aa6e19485b76a7b07

    • SHA1

      a85cf27ef7ddd0f92eebb0dcfcab53895c91167f

    • SHA256

      dc9c651b164bf86b46f904d11da313617bd4b1b307d271990d61f46b468172e5

    • SHA512

      b59a0dd0d573216e486eaac4bb14bc9108ec98d9d2264832ad2b38fe707cbb56f5028ee634497de735e789147f7998c45e1b968d71b23d11c653a077141af33b

    • SSDEEP

      1536:JSyTA5k7IoqOMT9Fub8yyAn0X5UxTvxoJaS5PT6up5X:JS6AKcbT9FuADAzTva6up5X

    Score
    3/10
    behavioral27behavioral28

    • Target

      加键盘记录dll/加键盘记录dll/sys.BAT

    • Size

      17B

    • MD5

      0e575ae6bafe424f6bcbdfa9a3916ff8

    • SHA1

      90c1a83e8b069e4dd41fa42b8f03e4667ed818c2

    • SHA256

      ead00ea15974d4697803ce3e15c2c76f0e1de8457fd402e55079a3143c4ef94f

    • SHA512

      07c2fa0aa53ab32636a979d4cf85492b066122467b750d5568c1c44e5a9bc3920e557e3d270ef9942e2c353b8067350e9882f8c52b6818b18b96a5288cf07f2a

    Score
    1/10
    behavioral29behavioral30

    • Target

      加键盘记录dll/加键盘记录dll/公用单元/PublicFunctionUnit.pas

    • Size

      52KB

    • MD5

      44e8fe962ba20f1493a6e5e5d6676377

    • SHA1

      dd47e92e939013e4b23e481fe2d28ad6f79c4484

    • SHA256

      bcb41d9376cbdfef2a95e7404523eb7bcfb1d3bd17fd41de468d6b9aa8f97408

    • SHA512

      327eca3e19118033638e2bf04538239e26a1923db75e0e83f38c798b78b17eac1adb3211312b7e9425765782987d22db79e3d2770e6f3edfb9b57556111153f4

    • SSDEEP

      1536:NEOlvCMNoyZZ9Z9G3sfn9mKc+PZ0lZYbIhtpv:x/9GgcAZMyUBv

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
N/A

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

persistence
Score
8/10

behavioral14

persistence
Score
8/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
5/10

behavioral22

Score
5/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10