General

Target: a1a1cefa0b6c2e29f546fee629b9503416e5a631f554e759f9e8a1fa25737573
Size: 12.4MB
Sample: 221128-bryjwadd75
MD5: 00755c34730209aa7e811098b0d3a4b3
SHA1: 737b9f38b9c8c5b9711e8e62e0c01aa564688e5e
SHA256: a1a1cefa0b6c2e29f546fee629b9503416e5a631f554e759f9e8a1fa25737573
SHA512: 8408bbbcdd9e73b0ae838d513243e16dc78042d9a755df836391e075045333397be0b7b1cd14679d297d1c982fe3cea0e4d42aeb9b7b538538a5000fca7f3eda
SSDEEP: 393216:pvKP7OBCsBtNK0rngEBUMuhcMwMK34cbj:5Kj+tIygEe3NKVbj
Behavioral tasks

Task          Sample                    Resource
behavioral1   Ӱ1.4Ѱ/BkjjgGzzZ.dll      win7-20220901-en
behavioral2   Ӱ1.4Ѱ/BkjjgGzzZ.dll      win10v2004-20221111-en
behavioral3   Ӱ1.4Ѱ/DCckoLf.dll        win7-20220812-en
behavioral4   Ӱ1.4Ѱ/DCckoLf.dll        win10v2004-20220812-en
behavioral5   Ӱ1.4Ѱ/NKT.dll            win7-20221111-en
behavioral6   Ӱ1.4Ѱ/NKT.dll            win10v2004-20220812-en
behavioral7   Ӱ1.4Ѱ/WS2HELP.dll        win7-20220812-en
behavioral8   Ӱ1.4Ѱ/WS2HELP.dll        win10v2004-20221111-en
behavioral9   Ӱ1.4Ѱ/longying.exe       win7-20221111-en
behavioral10  Ӱ1.4Ѱ/longying.exe       win10v2004-20221111-en
behavioral11  Ӱ1.4Ѱ/vjPzDL.dll         win7-20221111-en
behavioral12  Ӱ1.4Ѱ/vjPzDL.dll         win10v2004-20221111-en
behavioral13  Ӱ1.4Ѱ/wdq.dll            win7-20220812-en
behavioral14  Ӱ1.4Ѱ/wdq.dll            win10v2004-20221111-en
behavioral15  Ӱ1.4Ѱ/Ӱ1.4Ѱ.exe          win7-20220901-en
behavioral16  Ӱ1.4Ѱ/Ӱ1.4Ѱ.exe          win10v2004-20220812-en
Malware Config

Targets

Target: Ӱ1.4Ѱ/BkjjgGzzZ.dll
Size: 311KB
MD5: 0dbd9d65e6b5a4889b680bfbadafef92
SHA1: 8124dd89b2831ecdeeb811266974bf4eae441466
SHA256: c002ca6b67c84be232f86eba53577f3ebd46e298700ea36ffb4fd000cd616fc5
SHA512: 996734902aac6e97631d83fc085526e1abb1ef8878a82ecd36a6edcb86e75afb7b63293b0cbfddebfe9cc5c8256ac02c909eeb4f8d0c4cf3139996f3cfdc1ef1
SSDEEP: 6144:Y9P1dpyl/RFOlC19Sp6P4v8eNrs/BpoIP3:YaJFuA9zD/B26
Score: 5/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Ӱ1.4Ѱ/DCckoLf.dll
Size: 170KB
MD5: 684263bfcfae35b5e0ad4b4fd95e980e
SHA1: cced0035abdf89265f9e8e7271d42112f8274f87
SHA256: 6059a3f5a024aca52cc54c05b73d90558222b8abffd2a158ba426d4e01c14115
SHA512: 8c241c357f1b180317f07fd0e9952a1216f5a21b5bfc895a56d69fe8bb76a1b2e93066dfed716f2fe0c2da6c58b8638c63788c74eb60f89bbbcff72baebef0af
SSDEEP: 3072:TTtvejdXwDj5cciTeLOjRrJyRQFmHftiqibIojqlfI1+EWvqj:V2XPbGO1JSIwftiqisoelfVa
Score: 8/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Ӱ1.4Ѱ/NKT.dll
Size: 697KB
MD5: dc070b5ca3586f06003422111b4a4a47
SHA1: faa65a3bb8e1003e2d42be1d9800c520fdbfd2fa
SHA256: 9ff65bceb25a9a6b28a17591110e78a118eb0885ef601fa3e53b7b313f463a77
SHA512: d92846770ad963d63c879a91846848425df64fecfe2c04cf8cc97cc3c7f4756fdd345f2740c545d12e5731714f3308b377f5b6799442b648930326387ab47990
SSDEEP: 12288:ISPQsVMNkAWELoygQwOV5YHFo4wB6VrZfJAWjmLuMf/sE9pOd/X31wI+KLk7FW:dosVAPo2TSo4wB6vSluw/sE9pOd/XFw9
Score: 1/10
Signatures: none
Target: Ӱ1.4Ѱ/WS2HELP.dll
Size: 660KB
MD5: 88cc2c8b1a41bf804d729d4505e61f7e
SHA1: 83a43e22dabba235c9c0873dd47829ad2a16348f
SHA256: 0b5e8d69c196a4c2369dcc6fa9c3d4fe49b0d24a4e1e48b30311fc2cf65f15fe
SHA512: a52aa61ef8df817e201800c30a174876cc998623362d1934b1afc593ff7c9a75be585bf434301f0f795a12f764cf67ae5ae686348553dfc274d437fe52f2b452
SSDEEP: 6144:fLs+TCPCozkPwYuHGbEtyMls9jSjfhlFpYq8c/Gp5Ruko+jwRxXQFnX7RCDW:fLlCHPskyMlIkI6epmko+QKP
Score: 3/10
Signatures: none
Target: Ӱ1.4Ѱ/longying.dat
Size: 11.1MB
MD5: 280020c71729b44fc82d4a742b24270c
SHA1: ad22b4862fc68649f59c3a01c839c5d3c061172f
SHA256: 5fd78f62be7267b3b011687c5355babb3245560349cf6448b0ed0746317aa817
SHA512: 8cadcdb08045e8149566bb37b49c589f56160f87de6a80c0ecdf56b0ed622e932abf13a6d1ec62eebd5ed2bbe4e2220240311e1c49edb627c032fa09748e3cb2
SSDEEP: 196608:ssbUGfYnjLm2x1h0XNx3aPpNEAHMjuGMc41LuOUASGAH32V:to0sjFx+ONhYhMccLuOUAaA
Score: 7/10
Signatures:
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Ӱ1.4Ѱ/vjPzDL.dll
Size: 311KB
MD5: b98a0d1e6ccc70ddc35206208ce5cbbc
SHA1: f53a2b00b2184ddc6a3d6cdb21f4381f41c2b3fa
SHA256: 2f13ec7b9014ebdf15d662ba145fe64a4526fccb44683774497023dd9962aba3
SHA512: 65a25a46c18eb2eab6193b4ba970bc7e376fae4db5c0a2335b4bca0905aab6c558582ce2eaacc8d5e7a32a33e6784317c855fe18e67962efcedd89ddfbdaca13
SSDEEP: 6144:t9P1dpyl/RFOlC19Sp6P4v8eNrs/BpoIP3:taJFuA9zD/B26
Score: 5/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Ӱ1.4Ѱ/wdq.dll
Size: 106KB
MD5: dec8a1922e27485ac71a0536ee19d70f
SHA1: bdde755299e62c63474d3d6cf441bfab74f82b16
SHA256: 9e94094688e03fc20d5d8c76c679b0da5dc9606538d6a2fa4c8377ec0c063814
SHA512: 26f023d667829d3959c7b9d8c1a690cdff2b452e0b384ef1d46008abb14322307e1e2c0e0f1b21c11095288200054a6bd39999c487bbe99b5b3e02de4b4f7bdd
SSDEEP: 1536:q3ka315wzJdDMfRFmiVedlLF0FPrcR6L/QS1nGse4jM7cL1HfOqTqcs:q3NF5jfRFXCLCFcrKRCcRvqc
Score: 8/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Ӱ1.4Ѱ/Ӱ1.4Ѱ.exe
Size: 410KB
MD5: 3b6f28d7253a624b23df33c71e9ed8e1
SHA1: 67d56d039e8dfeb514176c16a95c898dfbc330f0
SHA256: 9c593eeafe7a9220acbd52cacb79cf53c795947f0fa9e9feb9da869836627183
SHA512: ac06697c1e4f58f5ccb428d81eac34fdef0c7d6ce8b3bed19c7ef5fcc82454431584e59aca0a04051700b3bd074c5f632a484814fea9788055fafc4bcc036787
SSDEEP: 6144:g9J44zrNDM5/D0RQgdqR/jyQxOrBfJRxYYz3Vo3LAo3Z3nhZhZETTPU:OJ44zry0uIY/GkeBJzMBRnh3ZEP
Score: 6/10
Signatures:
- Adds Run key to start application