Overview

overview

7

Static

static

DVP-EH.exe

windows7-x64

7

DVP-EH.exe

windows10-2004-x64

7

MSCOMM32.dll

windows7-x64

1

MSCOMM32.dll

windows10-2004-x64

1

台达DVP解密.exe

windows7-x64

1

台达DVP解密.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a51ea536776a8d2a10e272227f87e0889159125bf3407a3c5a67b6bdac3e9fd6

  • Size

    857KB

  • Sample

    221128-p1rdtadf97

  • MD5

    a59809a4950359e12331d71ca216ab0d

  • SHA1

    def89136f37c456ef69c647dd309ffe97b538444

  • SHA256

    a51ea536776a8d2a10e272227f87e0889159125bf3407a3c5a67b6bdac3e9fd6

  • SHA512

    1bad54bde82e33bab2b3cd703d793d578642399a1010481a87f4f2585a4a8f0b1a20521f7193177c5ef5bc825b119527e1cf06ecd0882032c459f82cd741f1b7

  • SSDEEP

    24576:gV3OVIlXQMrnrWtb2hCHgYjw+yl60OchqxUHI0:s37ldrSDHgYjwM0Och4UHI0

Score
7/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      DVP-EH.exe

    • Size

      836KB

    • MD5

      388de2fea784a0504e83df2240713fee

    • SHA1

      3b0efcf4885effa432b86b6335a84ba6f956a419

    • SHA256

      b9768a45f8f648bb124c5e0666bbfc5f13d4c4006dc5df985695a252214b51fc

    • SHA512

      04d0217e27d93bb29aef5b87574ed994768212aaacf7bff105b8fedad8f6edd2cf77274489d5775987226ac1ac889a8f4ef24dbffd580f6ce1115fcb081baead

    • SSDEEP

      24576:+PQV0QLJqJ+s3PFOjbUDCzNT+YvN3DexReJU58GGMn9:sw0Q+t0bUu5PDvJUyVMn9

    Score
    7/10
    bootkitevasionpersistencetrojan

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      MSCOMM32.OCX

    • Size

      101KB

    • MD5

      2c6119da3993f410e74b15112f840cb0

    • SHA1

      9d7aaffc0bcf955cc75d4ecc228b1ceda8a1856c

    • SHA256

      51a1d6812e445c26c71465e2709e6d1ad587f8513002d662cd160f424f48b37c

    • SHA512

      053ece4eb2ddba51c0d683a7afd439ed88605ab83619de738f7ad2495bfe9e9f16fc3b829c7fc9c779b50f039b9fad66d16aed520a5adfd1522a711073f78208

    • SSDEEP

      3072:zsQgdI5Hh8p28XMehRYSdB/TYDY44UGyGfDnfra:zdgdI598jhRJpYDY4fefna

    Score
    1/10
    behavioral3behavioral4

    • Target

      台达DVP解密.exe

    • Size

      28KB

    • MD5

      2bb569000bd181b9bded72e43e7d7414

    • SHA1

      0ba2fde920a087f3f2b4a873fa049d90275b1ea1

    • SHA256

      303ac33fbd1fe0036dc3451b476b7e5a5d8fa3a91ed59d500bffa223567f37de

    • SHA512

      4d2bf8288008fbd14116996090784a3edb6fb8e231a169ff56308feb6142bd7e76cb1654012c1fa5bfb89b19d8214c3d31c220eb35e9cc6d3b62606bd182f028

    • SSDEEP

      384:/TQqioKNNptovTQXG+WuuRB8nDd6VuuPMgzlcYgp30s/z:/05oEvDQVuujzEpx/z

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks