General

  • Target

    a585d5c3eca4ceac5520483660cec6ac1a7104ceb13e86e4f4f59ab79c86aa20

  • Size

    15.0MB

  • Sample

    221127-y3acrafb88

  • MD5

    29f77bb745e45a384e7800c214b4ba6a

  • SHA1

    75b5d52b52f26514d230fcec2a6e23506f8a5b20

  • SHA256

    a585d5c3eca4ceac5520483660cec6ac1a7104ceb13e86e4f4f59ab79c86aa20

  • SHA512

    3522b6bbebc9e5ea2cddcc46bf27c944f9a479cf7aea3af4bdd3488dd9fe22b9a9c687417ca6eb65af849a88d811b061a748232941b5b5f088cae01daf4f058f

  • SSDEEP

    393216:kDfZwVHu96azAtrcR9M6rfrfDEnFaZgq6hjRPPrNfr8:pUhAt7YrfDcFanYXrF8

Malware Config

Targets

    • Target

      æ˛ŗæēä¸‹čŊŊįĢ™-xz7.com.url

    • Size

      179B

    • MD5

      2ccd0cc9a725618ddc48295dac3c1cfa

    • SHA1

      a4b4808558eb61cddbb226e0011766a96cdf1d66

    • SHA256

      1b1af9d8fccf3c8776fba292925c09dbf33614d7a7addd01ffadb7984f6bd8f3

    • SHA512

      47691caa9bdfccee071058e9360871089d0fc8fb4a7f16643b3b1b3fcd2bd35c575981b355f710e543f92728e823c46809764730bbf7bbab50bf382162cb1899

    Score
    1/10
    • Target

      简單挂免费版⒔1/SimpInj.DLL

    • Size

      318KB

    • MD5

      537402ee556a3cd05552ec9a64a2ef07

    • SHA1

      12768e31c3268fc76c701bf128be96c946fef45a

    • SHA256

      2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f

    • SHA512

      a4bd2246726e4f425d1cd7e01e8e6a75bb41776b08c41c0c40314f36acd2d320dcbea4bd57cc4cf30d8931ddc9c996e76e884962ea0375b314fc491e56fa3a5d

    • SSDEEP

      6144:i6BDSXv3WyRljOpYwo+XqidUtmko1vMAvcvyEmut6R4gocnwgv/p+ZJN:i6BKWyRljgYUXqKomko1EzvM7nwGp+Zn

    Score
    8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      简單挂免费版⒔1/SimplePro.DLL

    • Size

      422KB

    • MD5

      32057a06d73bef047195554b89e9523a

    • SHA1

      aa13a00d7673feebc8d99678bccc583ee180898f

    • SHA256

      6811f8197b9150bb2937b26f8da3f945af557cc418483772246357c1d42fb661

    • SHA512

      f33d170fb3b756bb707495af09ba730d58045210f80f6762465d4b241c4a57d318936b88b8cb28c534833fa8d155a0d423a439a027693e4abd86e23c0d3a5d65

    • SSDEEP

      12288:p+158vGXt3iL3ETIFdLczarkOWGXa7Yia:M8vR3XJWuji

    Score
    8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      简單挂免费版⒔1/zip.dll

    • Size

      120KB

    • MD5

      f483ca3411e7f5b278df6dabd1dfa2ea

    • SHA1

      9fe776f8eb36b7aada0d08cb7fc8d7a0371c69ef

    • SHA256

      3af8886e8f36c34cde502bafd06e967a7769f910f603a88cb91a9833f928a6c9

    • SHA512

      d229dcd16b8e91fdadee68d5e42a79b1447091c6480bfb4aa0761c5c9035404991383dd7999ee431a0610aa716745ec28e221c115baf022252f8f20512d9d4f6

    • SSDEEP

      3072:YOltoyFOxHTKiM+Kh+GBFOQMrTBfC4NS5S:IyFOxHTKf+KhFB0QMrTBq4D

    Score
    3/10
    • Target

      įŽ€å–ŽæŒ‚免曊į‰ˆâ’”1/äŧ åĨ‡é€šį”¨å˜é€Ÿå™¨7.0.exe

    • Size

      244KB

    • MD5

      6f92c15bf863fa0e17a4e35bd4fd51fa

    • SHA1

      6ca6a62a24bdaf0447fb9ae27f49253226cf9df8

    • SHA256

      09342e5b817da7d66f0d72a30f05ac70a40fd513ecfedc4ddae629f08db13e9e

    • SHA512

      fbb6db3add179bfe27d72fcefcfeeb05643e764be6c8064b7c99fd032ab6b2093a774550fb3ada2160fab2092b8e8b0766880a610548924383fc0a714a1faaba

    • SSDEEP

      6144:fo6ZAZuWvOFBPbcLb4aVWKEyWLxkoXPVrFayCov9oTkN:g8WwA4ItJWlkOPVFSoVooN

    Score
    8/10
    • Drops file in Drivers directory

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

    • Target

      简單挂免费版⒔1/在线咨询QQ：910001904.url

    • Size

      404B

    • MD5

      d2e14e91055fad3bd807e2a9125f86d1

    • SHA1

      c6861ab85b8fd9f385ce6b62406e5b51b7e8697f

    • SHA256

      b1e6f7badaba9c7c594b390d0e99b6e841b57c33727f5dbd3dd268ce1b55188d

    • SHA512

      6fb9a25acde53e07e20751fb657b072ba91085b7cf6fe876e9ad9a1bdb476e3909f44d2a65dbfe7b83a32613c4269f2cd7fe1914dfa46ffbba8dc326686a19c1

    Score
    1/10
    • Target

      įŽ€å–ŽæŒ‚免曊į‰ˆâ’”1/įŽ€å•æŒ‚厘įŊ‘īŧšs1904.com.url

    • Size

      155B

    • MD5

      0c1c35771fa1a0fe96a485cee91ff407

    • SHA1

      1e41897cec67228a62fb861005bc0a5077b581f9

    • SHA256

      ddd4f69a510db4e6c2ec7340ee90845ceade8ea41fde5e7ad7a2a407ca002ee1

    • SHA512

      df3154f2144dc38cee377b7eeb5174cf9ba87e7003c201006d19f2202e6d763ff0e81d09cb6f50c1675ae0daaceea9766aabd99fa000ab83d559ce0fa7685def

    Score
    1/10
    • Target

      简單挂免费版⒔1/简單挂免费版⒔1.exe

    • Size

      4.3MB

    • MD5

      f7dbf6be3fc951697b713a286f4a6c48

    • SHA1

      5b3eb15fefa4d8b546aa2987bcf36fcab901ae55

    • SHA256

      640ca5066401e717118f19e5e471ba8832d87e900205d8e5d6d10a53da51a913

    • SHA512

      340fde9e9c16eb9fe374930f6f247b4662ff1b2c20b10a03d093fad497b2367512d1908dbab9d790f86b2d4b8904950eef8d8de214626cab467c0c0a66a56477

    • SSDEEP

      49152:PSvd6wMpY+mCvZhCCuLHy44COCVTVvoNVQCOeAYjLpT465SDEk2YBC3iMcoFntAe:+6wMa+5CCOqnDJ1jt86Qn26F+l/vw

    Score
    8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

    • Target

      įŽ€å–ŽæŒ‚免曊į‰ˆâ’”1/霸įŽ‹æļ魔.exe

    • Size

      5.8MB

    • MD5

      7cc45747bdc42b3ff4e395939af4dd63

    • SHA1

      2b1868b7686f7122198d98b0426c2ae7daa68b80

    • SHA256

      e4548759ff33a0b03ac428d41b864ed3c7c707bb8990f6a7552b1244aa60a486

    • SHA512

      01466dd373056f512140a470604d3aef9df50cad4e94d2947dc116346bc15946a51055b7b848bfb7ca0c553d48a34cb2043f6d71d71bbddbb0a916d6071e0fc4

    • SSDEEP

      98304:Jk+5UUQ2ll0Zje8tNJj669cERHEkN+nCFwPoaSwIfeaG4u6V:d5UB2v088tUdkSCFwQe56V

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1112 Modify Registry (2)

  • Credential Access

    T1081 Credentials in Files (1)

  • Discovery

    T1082 System Information Discovery (3)
    T1012 Query Registry (1)
    T1120 Peripheral Device Discovery (1)

  • Collection

    T1005 Data from Local System (1)

Tasks