Overview

overview

9

Static

static

9

Usp10.dll

windows7-x64

1

Usp10.dll

windows10-2004-x64

8

cf刷枪3.exe

windows7-x64

6

cf刷枪3.exe

windows10-2004-x64

6

iext.dll

windows7-x64

1

iext.dll

windows10-2004-x64

1

internet.dll

windows7-x64

1

internet.dll

windows10-2004-x64

1

krnln.dll

windows7-x64

1

krnln.dll

windows10-2004-x64

1

spec.dll

windows7-x64

1

spec.dll

windows10-2004-x64

1

xplib.dll

windows7-x64

1

xplib.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    49f3f1a6716cb7c3cca57a9d5e7249a4c68b276ebea14868d889209177a598c2

  • Size

    885KB

  • Sample

    221127-tl4g2sec5s

  • MD5

    b559be68bf70f641feb5665188fd7207

  • SHA1

    9cdc705cd30bdc0a221e5b70ad56237991fe345a

  • SHA256

    49f3f1a6716cb7c3cca57a9d5e7249a4c68b276ebea14868d889209177a598c2

  • SHA512

    3c2ce2d7d692753ce12616107d72c3c699492b5ef1023aa87d68d2551f70a27d70e4b442294d79aa3301122c8f6261220046e1bbaaa629e84f9ad27331503145

  • SSDEEP

    24576:4mt1/WEYzqiXhm0ClwTo8XioVTcKr9DBAbxpwXs:xKEYOix2aXGKg4c

Score
9/10
persistenceupx

Malware Config

Targets

    • Target

      Usp10.dll

    • Size

      88KB

    • MD5

      2112bd24dc88a8290b58adf9adda645f

    • SHA1

      a37f8f7ba4095627d67c8051fc94b2f3ef37f3d9

    • SHA256

      640d13bc3d498fbfbd3eedb87110e9d8215a414eaf0a775017ec3220ebf29672

    • SHA512

      9314509cd6ced6c65d160507fd5b783ff3435e1d7bb1086bf1d3c29842e519eb44f1bcd7e474710a9071fab979a38564c1030ced74c1b9a6c950e12914827ad5

    • SSDEEP

      1536:GZZMc406OfuR4E4oSRckgxWjrb1J50Cfn73x6tMp3dgVbU189NlrtPR2oN:WWczZS4EAckwWfpJ50CT3xyM2w1eTrt3

    Score
    8/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      cf刷枪3.exe

    • Size

      309KB

    • MD5

      b21059d5e87cf1b8e6a2ea262998daa3

    • SHA1

      44839223647fd03def8e12d67879872bd4e3bf34

    • SHA256

      3d979784a1be5886b04ce9812ec9115dae1df7fca01b79124cf2d03fa3416b8f

    • SHA512

      bd67cb1d38b20477471ee4bdb52ff7088eecd521fd7f973c6b8c2113d7001ac4c2739c940709ba47802f8053059e53ef8ffa5061b539519b2f33bce82d8c503d

    • SSDEEP

      6144:taNBqAomk2uZfR5wB4D6AEmVEOMkdwEtZuaNBqMaNBqoqaNBqe:U9omyZ0lADckiEt8BRb

    Score
    6/10
    persistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral3behavioral4

    • Target

      iext.fnr

    • Size

      216KB

    • MD5

      3f1b2b497172b65f7bb15453d0d93de0

    • SHA1

      e24556e47ced0b6ae6b89a5e280b83e15ed42e8a

    • SHA256

      4f9ad22aa55455f56619e76a01afeb337e1f28f61c7dde5869eb2a6d8776581e

    • SHA512

      8837e6108ffde548674487c5ebba3e3dbee8bfafa5727470d3ebaeec039baefc6dc3d756a199f4fb334754985288f0a5577b32eb41fbd69295fc9681354cd3f2

    • SSDEEP

      3072:Mn8on8DDXsrbOfcrhoqJJeSld1oLLPCa/p9Z/oUHhRO6fVo:Ogcmqmud1oVldRp

    Score
    1/10
    behavioral5behavioral6

    • Target

      internet.fne

    • Size

      188KB

    • MD5

      7b129c5916896c845752f93b9635fc4c

    • SHA1

      e3fc632af5e1f36e8022e651f64eb8f8381c73c3

    • SHA256

      adc45970f4a0eafd2f372302f64836802380c253096a99ca964677a70a7128f8

    • SHA512

      c72dd4043e7cdc0ccefe26ce8a6d05701b4c610f88ab827e6731296da76b8cbe5b63c0970954ec7616369172b8b8f9cb546545271be3e86c18c54d0b9cad8f95

    • SSDEEP

      3072:mpTEys+TR7yRoHzXjlhvtcxVIThpEbbAKNXoqlSY9M02MF8:mpTEt+ycLHlCIThpEX9+XM

    Score
    1/10
    behavioral7behavioral8

    • Target

      krnln.fnr

    • Size

      1.0MB

    • MD5

      44e2ca67c060fbe3dc0d030149f5a478

    • SHA1

      5df61eb626bc3849893701942114609c1086d496

    • SHA256

      6ced19283dbbb95f264448f380592f4e98ba8228efca2f68821ab3ae61029d93

    • SHA512

      1a348c7585d78dd68c1d0e059ea1d7cea57c1aeff734f834f75025719b9fdd0e9bb16aebe75e15502a1b83106387eaa9493b8990999e0a68b62c1afdbc8cf45e

    • SSDEEP

      12288:rb0+sqCE6yy4bmhSd+1YCHYFZzktq0TNSARuOrRUVbNGvNXXYA/2b:AjE6+bhiHYF5kZI6uOrRUjYNXXYA/

    Score
    1/10
    behavioral10behavioral9

    • Target

      spec.fne

    • Size

      88KB

    • MD5

      51d7be0ca4431fec32d0ba0978cb2cae

    • SHA1

      1aa65ca721bd881b615b16602f6bc7cc4c7d74d8

    • SHA256

      1e4d44d3a865a766517057c199eda71e005e56c13fce2c4137b66d185a416986

    • SHA512

      5cf2214bc60dde261f44aa339ba1943f5c9b70337a11d064185224b3dcfc705e55386c95de280b6d05c4b60a318abbfa3d5728724c28dfc009d57c3bbfd76ef5

    • SSDEEP

      1536:DcrPILJRJT/DpWc6hVoabwhfoeW7JsVRj0:QrMW1ojfolax0

    Score
    1/10
    behavioral11behavioral12

    • Target

      xplib.fne

    • Size

      80KB

    • MD5

      8f385e7c8cf1f8ebdae0448473977cc7

    • SHA1

      942bf465e29a5e5f85580eb30aa9510b92f802d7

    • SHA256

      d1a1c6bac6a498adccdafab9d600a372aa9d5b826a33cfa06aaa9f75357c5b23

    • SHA512

      2372a8857591b829763cacbdfc0cf3d4884598c5f1c43f0815257cb7fb3b2c93b60b1027480e1d5a93bbc6eba054328d8d2b4997c7d81a5360811f8f1eecafa1

    • SSDEEP

      768:25tYWNgMBrw1cbmKrvtt9AK+HSTGwBtL9hlkU8MiP+cTqp2DYGH+toh+z9:25tY2BEe/CSTGOfqqLSCoQ9

    Score
    1/10
    behavioral13behavioral14

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks