General

  • Target

    a1a1cefa0b6c2e29f546fee629b9503416e5a631f554e759f9e8a1fa25737573

  • Size

    12.4MB

  • Sample

    221128-bryjwadd75

  • MD5

    00755c34730209aa7e811098b0d3a4b3

  • SHA1

    737b9f38b9c8c5b9711e8e62e0c01aa564688e5e

  • SHA256

    a1a1cefa0b6c2e29f546fee629b9503416e5a631f554e759f9e8a1fa25737573

  • SHA512

    8408bbbcdd9e73b0ae838d513243e16dc78042d9a755df836391e075045333397be0b7b1cd14679d297d1c982fe3cea0e4d42aeb9b7b538538a5000fca7f3eda

  • SSDEEP

    393216:pvKP7OBCsBtNK0rngEBUMuhcMwMK34cbj:5Kj+tIygEe3NKVbj

Malware Config

Targets

    • Target

      Ӱ1.4Ѱ/BkjjgGzzZ.dll

    • Size

      311KB

    • MD5

      0dbd9d65e6b5a4889b680bfbadafef92

    • SHA1

      8124dd89b2831ecdeeb811266974bf4eae441466

    • SHA256

      c002ca6b67c84be232f86eba53577f3ebd46e298700ea36ffb4fd000cd616fc5

    • SHA512

      996734902aac6e97631d83fc085526e1abb1ef8878a82ecd36a6edcb86e75afb7b63293b0cbfddebfe9cc5c8256ac02c909eeb4f8d0c4cf3139996f3cfdc1ef1

    • SSDEEP

      6144:Y9P1dpyl/RFOlC19Sp6P4v8eNrs/BpoIP3:YaJFuA9zD/B26

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Ӱ1.4Ѱ/DCckoLf.dll

    • Size

      170KB

    • MD5

      684263bfcfae35b5e0ad4b4fd95e980e

    • SHA1

      cced0035abdf89265f9e8e7271d42112f8274f87

    • SHA256

      6059a3f5a024aca52cc54c05b73d90558222b8abffd2a158ba426d4e01c14115

    • SHA512

      8c241c357f1b180317f07fd0e9952a1216f5a21b5bfc895a56d69fe8bb76a1b2e93066dfed716f2fe0c2da6c58b8638c63788c74eb60f89bbbcff72baebef0af

    • SSDEEP

      3072:TTtvejdXwDj5cciTeLOjRrJyRQFmHftiqibIojqlfI1+EWvqj:V2XPbGO1JSIwftiqisoelfVa

    Score
    8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Ӱ1.4Ѱ/NKT.dll

    • Size

      697KB

    • MD5

      dc070b5ca3586f06003422111b4a4a47

    • SHA1

      faa65a3bb8e1003e2d42be1d9800c520fdbfd2fa

    • SHA256

      9ff65bceb25a9a6b28a17591110e78a118eb0885ef601fa3e53b7b313f463a77

    • SHA512

      d92846770ad963d63c879a91846848425df64fecfe2c04cf8cc97cc3c7f4756fdd345f2740c545d12e5731714f3308b377f5b6799442b648930326387ab47990

    • SSDEEP

      12288:ISPQsVMNkAWELoygQwOV5YHFo4wB6VrZfJAWjmLuMf/sE9pOd/X31wI+KLk7FW:dosVAPo2TSo4wB6vSluw/sE9pOd/XFw9

    Score
    1/10
    • Target

      Ӱ1.4Ѱ/WS2HELP.dll

    • Size

      660KB

    • MD5

      88cc2c8b1a41bf804d729d4505e61f7e

    • SHA1

      83a43e22dabba235c9c0873dd47829ad2a16348f

    • SHA256

      0b5e8d69c196a4c2369dcc6fa9c3d4fe49b0d24a4e1e48b30311fc2cf65f15fe

    • SHA512

      a52aa61ef8df817e201800c30a174876cc998623362d1934b1afc593ff7c9a75be585bf434301f0f795a12f764cf67ae5ae686348553dfc274d437fe52f2b452

    • SSDEEP

      6144:fLs+TCPCozkPwYuHGbEtyMls9jSjfhlFpYq8c/Gp5Ruko+jwRxXQFnX7RCDW:fLlCHPskyMlIkI6epmko+QKP

    Score
    3/10
    • Target

      Ӱ1.4Ѱ/longying.dat

    • Size

      11.1MB

    • MD5

      280020c71729b44fc82d4a742b24270c

    • SHA1

      ad22b4862fc68649f59c3a01c839c5d3c061172f

    • SHA256

      5fd78f62be7267b3b011687c5355babb3245560349cf6448b0ed0746317aa817

    • SHA512

      8cadcdb08045e8149566bb37b49c589f56160f87de6a80c0ecdf56b0ed622e932abf13a6d1ec62eebd5ed2bbe4e2220240311e1c49edb627c032fa09748e3cb2

    • SSDEEP

      196608:ssbUGfYnjLm2x1h0XNx3aPpNEAHMjuGMc41LuOUASGAH32V:to0sjFx+ONhYhMccLuOUAaA

    Score
    7/10
    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Ӱ1.4Ѱ/vjPzDL.dll

    • Size

      311KB

    • MD5

      b98a0d1e6ccc70ddc35206208ce5cbbc

    • SHA1

      f53a2b00b2184ddc6a3d6cdb21f4381f41c2b3fa

    • SHA256

      2f13ec7b9014ebdf15d662ba145fe64a4526fccb44683774497023dd9962aba3

    • SHA512

      65a25a46c18eb2eab6193b4ba970bc7e376fae4db5c0a2335b4bca0905aab6c558582ce2eaacc8d5e7a32a33e6784317c855fe18e67962efcedd89ddfbdaca13

    • SSDEEP

      6144:t9P1dpyl/RFOlC19Sp6P4v8eNrs/BpoIP3:taJFuA9zD/B26

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Ӱ1.4Ѱ/wdq.dll

    • Size

      106KB

    • MD5

      dec8a1922e27485ac71a0536ee19d70f

    • SHA1

      bdde755299e62c63474d3d6cf441bfab74f82b16

    • SHA256

      9e94094688e03fc20d5d8c76c679b0da5dc9606538d6a2fa4c8377ec0c063814

    • SHA512

      26f023d667829d3959c7b9d8c1a690cdff2b452e0b384ef1d46008abb14322307e1e2c0e0f1b21c11095288200054a6bd39999c487bbe99b5b3e02de4b4f7bdd

    • SSDEEP

      1536:q3ka315wzJdDMfRFmiVedlLF0FPrcR6L/QS1nGse4jM7cL1HfOqTqcs:q3NF5jfRFXCLCFcrKRCcRvqc

    Score
    8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Ӱ1.4Ѱ/Ӱ1.4Ѱ.exe

    • Size

      410KB

    • MD5

      3b6f28d7253a624b23df33c71e9ed8e1

    • SHA1

      67d56d039e8dfeb514176c16a95c898dfbc330f0

    • SHA256

      9c593eeafe7a9220acbd52cacb79cf53c795947f0fa9e9feb9da869836627183

    • SHA512

      ac06697c1e4f58f5ccb428d81eac34fdef0c7d6ce8b3bed19c7ef5fcc82454431584e59aca0a04051700b3bd074c5f632a484814fea9788055fafc4bcc036787

    • SSDEEP

      6144:g9J44zrNDM5/D0RQgdqR/jyQxOrBfJRxYYz3Vo3LAo3Z3nhZhZETTPU:OJ44zry0uIY/GkeBJzMBRnh3ZEP

    Score
    6/10

MITRE ATT&CK Matrix ATT&CK v6

    Tactic           Technique                            Count  ID
    Persistence      Registry Run Keys / Startup Folder   1      T1060
    Defense Evasion  Modify Registry                      4      T1112
    Defense Evasion  Install Root Certificate             1      T1130
    Discovery        System Information Discovery         5      T1082
    Discovery        Query Registry                       3      T1012

Tasks