General

Target: a51ea536776a8d2a10e272227f87e0889159125bf3407a3c5a67b6bdac3e9fd6
Size: 857KB
Sample: 221128-p1rdtadf97
MD5: a59809a4950359e12331d71ca216ab0d
SHA1: def89136f37c456ef69c647dd309ffe97b538444
SHA256: a51ea536776a8d2a10e272227f87e0889159125bf3407a3c5a67b6bdac3e9fd6
SHA512: 1bad54bde82e33bab2b3cd703d793d578642399a1010481a87f4f2585a4a8f0b1a20521f7193177c5ef5bc825b119527e1cf06ecd0882032c459f82cd741f1b7
SSDEEP: 24576:gV3OVIlXQMrnrWtb2hCHgYjw+yl60OchqxUHI0:s37ldrSDHgYjwM0Och4UHI0
Static task: static1
Behavioral task behavioral1: DVP-EH.exe on win7-20221111-en
Behavioral task behavioral2: DVP-EH.exe on win10v2004-20220812-en
Behavioral task behavioral3: MSCOMM32.dll on win7-20221111-en
Behavioral task behavioral4: MSCOMM32.dll on win10v2004-20220901-en
Behavioral task behavioral5: 台达DVP解密.exe on win7-20221111-en
Behavioral task behavioral6: 台达DVP解密.exe on win10v2004-20220812-en
Malware Config

Targets

Target: DVP-EH.exe
Size: 836KB
MD5: 388de2fea784a0504e83df2240713fee
SHA1: 3b0efcf4885effa432b86b6335a84ba6f956a419
SHA256: b9768a45f8f648bb124c5e0666bbfc5f13d4c4006dc5df985695a252214b51fc
SHA512: 04d0217e27d93bb29aef5b87574ed994768212aaacf7bff105b8fedad8f6edd2cf77274489d5775987226ac1ac889a8f4ef24dbffd580f6ce1115fcb081baead
SSDEEP: 24576:+PQV0QLJqJ+s3PFOjbUDCzNT+YvN3DexReJU58GGMn9:sw0Q+t0bUu5PDvJUyVMn9
Score: 7/10

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from an attached debugger, so the debugger stops receiving events for that thread. It is a well-known anti-debugging technique rather than proof of malicious intent on its own.
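The three signature hits above are behavioural: they are derived from the API calls the sample makes in the sandbox, not from its bytes. The following is an added example (not the sandbox's own signature engine and not code from the sample) showing how each of the three hits could be recovered from an API-call trace. The trace format (one call per line, fields separated by `|`), the sample trace lines, the handle values and the list of Wine-only registry keys probed are all constructed assumptions for this example; the ThreadHideFromDebugger value 0x11 and the MBR living in the first 512-byte sector of the physical drive are standard facts.

```python
"""Toy behavioural-signature matcher run over a constructed API-call trace.

Added example (not the sandbox's own signature engine): it shows how the
three hits reported above for DVP-EH.exe could be derived from an API trace.
The trace format (one call per line, fields separated by '|') and every
sample line below are constructed for this example.
"""
import re
from dataclasses import dataclass, field

# THREADINFOCLASS value for ThreadHideFromDebugger. Passing it to
# NtSetInformationThread detaches the calling thread from any debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry paths that exist only under Wine (assumed typical probe targets).
WINE_REGISTRY_KEYS = {
    r"hkey_current_user\software\wine",
    r"hkey_local_machine\software\wine",
}

# Raw-disk device whose first sector (offset 0, 512 bytes) holds the MBR.
PHYSICAL_DRIVE_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)
MBR_SECTOR_SIZE = 512


@dataclass
class Call:
    api: str
    args: dict = field(default_factory=dict)


def parse_trace(lines):
    """Parse 'Api|key=value|key=value' lines into Call objects."""
    calls = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        api, *pairs = line.split("|")
        args = dict(p.split("=", 1) for p in pairs if "=" in p)
        calls.append(Call(api.strip(), args))
    return calls


def hides_from_debugger(calls):
    return any(
        c.api == "NtSetInformationThread"
        and int(c.args.get("class", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER
        for c in calls
    )


def probes_wine_registry(calls):
    # The open attempt is what the signature keys on; the result code is what
    # tells the sample whether it is running under Wine.
    return any(
        c.api in ("RegOpenKeyExA", "RegOpenKeyExW", "NtOpenKey")
        and c.args.get("key", "").lower() in WINE_REGISTRY_KEYS
        for c in calls
    )


def writes_mbr(calls):
    """True if a physical drive is opened for writing and then written
    inside its first sector. Writes elsewhere on the disk, or writes to
    ordinary files at offset 0, do not count."""
    drive_handles = set()
    for c in calls:
        if c.api in ("CreateFileA", "CreateFileW"):
            path, access = c.args.get("path", ""), c.args.get("access", "")
            if PHYSICAL_DRIVE_RE.match(path) and "WRITE" in access.upper():
                drive_handles.add(c.args.get("handle"))
        elif c.api == "WriteFile" and c.args.get("handle") in drive_handles:
            if int(c.args.get("offset", "0"), 0) < MBR_SECTOR_SIZE:
                return True
    return False


# Report order is preserved so the output lines up with the page above.
SIGNATURES = [
    ("Identifies Wine through registry keys", probes_wine_registry),
    ("Writes to the Master Boot Record (MBR)", writes_mbr),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", hides_from_debugger),
]


def match_signatures(lines):
    calls = parse_trace(lines)
    return [name for name, check in SIGNATURES if check(calls)]


# Constructed trace resembling the behaviour reported for DVP-EH.exe.
SUSPICIOUS_TRACE = r"""
# api|arg=value|...
RegOpenKeyExW|key=HKEY_CURRENT_USER\Software\Wine|result=2
CreateFileW|path=\\.\PhysicalDrive0|access=GENERIC_READ,GENERIC_WRITE|handle=0x1a4
WriteFile|handle=0x1a4|offset=0|length=512
NtSetInformationThread|thread=0xfffffffe|class=0x11
"""

# Constructed benign trace: a normal file written at offset 0, and a different
# thread information class; neither should fire.
BENIGN_TRACE = r"""
RegOpenKeyExW|key=HKEY_CURRENT_USER\Software\Microsoft\Windows|result=0
CreateFileW|path=C:\Users\user\out.bin|access=GENERIC_WRITE|handle=0x1b0
WriteFile|handle=0x1b0|offset=0|length=512
NtSetInformationThread|thread=0xfffffffe|class=0x2
"""

if __name__ == "__main__":
    for name, trace in (("suspicious", SUSPICIOUS_TRACE), ("benign", BENIGN_TRACE)):
        print(name, match_signatures(trace.splitlines()))
```

The MBR check deliberately ties the write back to the handle's open call: a WriteFile at offset 0 on an ordinary file is routine, and a write to a physical drive beyond the first sector is not an MBR overwrite. Correlating calls this way is what keeps a signature like this from firing on every installer that touches a disk.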
Target: MSCOMM32.OCX
Size: 101KB
MD5: 2c6119da3993f410e74b15112f840cb0
SHA1: 9d7aaffc0bcf955cc75d4ecc228b1ceda8a1856c
SHA256: 51a1d6812e445c26c71465e2709e6d1ad587f8513002d662cd160f424f48b37c
SHA512: 053ece4eb2ddba51c0d683a7afd439ed88605ab83619de738f7ad2495bfe9e9f16fc3b829c7fc9c779b50f039b9fad66d16aed520a5adfd1522a711073f78208
SSDEEP: 3072:zsQgdI5Hh8p28XMehRYSdB/TYDY44UGyGfDnfra:zdgdI598jhRJpYDY4fefna
Score: 1/10
Target: 台达DVP解密.exe (file name translates as "Delta DVP decrypt")
Size: 28KB
MD5: 2bb569000bd181b9bded72e43e7d7414
SHA1: 0ba2fde920a087f3f2b4a873fa049d90275b1ea1
SHA256: 303ac33fbd1fe0036dc3451b476b7e5a5d8fa3a91ed59d500bffa223567f37de
SHA512: 4d2bf8288008fbd14116996090784a3edb6fb8e231a169ff56308feb6142bd7e76cb1654012c1fa5bfb89b19d8214c3d31c220eb35e9cc6d3b62606bd182f028
SSDEEP: 384:/TQqioKNNptovTQXG+WuuRB8nDd6VuuPMgzlcYgp30s/z:/05oEvDQVuujzEpx/z
Score: 1/10