General

Target: infected2023031501.zip
Size: 2.1MB
Sample: 230316-dxe1tsba7v
MD5: 356038ce79af5b6f9eba56f2ddc691b5
SHA1: c2a22127c381035da4ce48bd8b2fc7dc1aafd2ac
SHA256: ead1aac1a530be0f846600c3fa6d91567b6574e0824c5f29fee08e30ae5a1d15
SHA512: dc0a1887e8e288b5dfd727691cb2f139549b71710fda2d1d7e8454383bc06f5ec216b61bcc6e754eee50a5f5e00d36d0b0833b26583499070d64fe2b2ce33160
SSDEEP: 49152:u6YlELokvl0D1ZxAFmirqblhTzu4Uy923wzHlC5Mlp:u6Y+NI1Zq7qJhTzyq237Ep
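Before trusting any of the verdicts below, confirm that the file on disk is the one this report describes. The following script is an added example, not part of the sandbox report or its tooling: it hashes a file in one pass with the four algorithms the report lists and compares the result to the archive's recorded digests (copied from the General section above). The SSDEEP value is not checked because the standard library has no ssdeep implementation; the `ssdeep` PyPI package can be added for that. Comparison is case-insensitive because different tools print hex in different cases.

```python
import hashlib
import io

# Digests the report lists for the top-level archive, infected2023031501.zip.
REPORT_ZIP = {
    "md5": "356038ce79af5b6f9eba56f2ddc691b5",
    "sha1": "c2a22127c381035da4ce48bd8b2fc7dc1aafd2ac",
    "sha256": "ead1aac1a530be0f846600c3fa6d91567b6574e0824c5f29fee08e30ae5a1d15",
    "sha512": "dc0a1887e8e288b5dfd727691cb2f139549b71710fda2d1d7e8454383bc06f5e"
              "c216b61bcc6e754eee50a5f5e00d36d0b0833b26583499070d64fe2b2ce33160",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")
CHUNK = 1 << 20  # read 1 MiB at a time so large samples are never loaded whole


def digest_stream(stream):
    """Run all four hashes over a binary file object in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Same as digest_stream, for an in-memory buffer (used by the test)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def compare(digests, expected):
    """Map each algorithm in `expected` to True/False.  A single mismatch
    means the local file is not the sample the report describes."""
    return {algo: digests.get(algo) == value.lower()
            for algo, value in expected.items()}


def is_report_sample(digests, expected=REPORT_ZIP):
    return all(compare(digests, expected).values())


if __name__ == "__main__":
    import sys
    d = digest_file(sys.argv[1])
    for algo, ok in compare(d, REPORT_ZIP).items():
        print(f"{algo:7} {d[algo]}  {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if is_report_sample(d) else 1)
```

Run it as `python verify_sample.py infected2023031501.zip`; a non-zero exit means at least one digest differs. The same `compare` call works for the inner files by passing the per-target digest dictionaries from the Targets section instead of `REPORT_ZIP`.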
Tasks

Task         Type        Sample                               Resource
static1      static      -                                    -
behavioral1  behavioral  virus/meitu.chm                      win7-20230220-en
behavioral2  behavioral  virus/meitu.chm                      win10v2004-20230220-en
behavioral3  behavioral  virus/白加黑衍生物/UpgradeShow.dll     win7-20230220-en
behavioral4  behavioral  virus/白加黑衍生物/UpgradeShow.dll     win10v2004-20230220-en
behavioral5  behavioral  virus/白加黑衍生物/svch0st.exe        win7-20230220-en
behavioral6  behavioral  virus/白加黑衍生物/svch0st.exe        win10v2004-20230220-en
Malware Config

Targets

Target: virus/meitu.CHM
Size: 1.2MB
MD5: 3dbfbb912f430ae62df647a767a86884
SHA1: 0604930ef6eef2e10ae38e9b89d819ecda25f847
SHA256: 8ffcc91dcb5657a9e8012bdc8b3b73bf541161f7c619e824fd5c5ae4b9b129f1
SHA512: 984f57541f443b36b991df5a2bbb4f55760a9a08f0b49d3fb9908c6bcc0a7fa6eb16cb3c2fbb659e700836af35eef942c007ab60c4bb09972d6a34968dc1e38d
SSDEEP: 24576:i7cuHGvz89BSOMfdLDCb1IlosIfHvzceiw3L3DYxROi2nmbvkIOMaNC:i7cuG89BSOALDs7sIPvzceiwb3DYv5bl
Score: 7/10

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: virus/白加黑衍生物/UpgradeShow.dll (the directory name translates as "white-plus-black derivative"; "白加黑" is Chinese shorthand for a DLL side-loading pair, a benign signed loader plus a malicious DLL)
Size: 2.6MB
MD5: 344573557b9ed92d639acf191a4538ab
SHA1: c0ee613f353b1c0e7eaa343d9aa053bca9a87e5b
SHA256: 39c02e646649120020be6c86778a02e4c46fb79cf7db816e79fc7998da3a3131
SHA512: 1696319e3cf92f8548c25442b587571e818f167e4492a08ea4d26e49ae3f54f2461c8e5168696418b510d794d5c8d8cd35f0a3ddb6095793652381e36344f5a7
SSDEEP: 24576:8jrINGHhvax4WwOAR++r+1UIMj7GyifH3psEiNfxyyjj5ddddi66Prip11pA:arIN4k4/M+r+1Upj7GyifH3psE/ipTq

Signatures
- Gh0st RAT payload
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
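The behaviour signatures on the two targets above (geofence lookup, Run-key persistence and dropped-EXE execution on meitu.CHM; drive enumeration on UpgradeShow.dll) are each a simple rule over the API-call trace the sandbox records. The script below is an added example, not the sandbox's own signature engine: it re-implements those four rules over a constructed trace in a made-up `api|arg|arg` line format. The registry paths it watches (`HKCU\Control Panel\International\Geo`, which holds the configured country in its `Nation` value, and `...\CurrentVersion\Run`) are the real Windows locations those behaviours touch, but which exact keys and APIs the report's rules key on is an assumption. The trace lines, the `victim` user and the `Updater` value name are constructed for the example.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "api args")

# Constructed API-call trace, not output from the sandbox run in the report.
# One call per line: API name, then '|'-separated API-specific arguments.
SAMPLE_TRACE = r"""
RegOpenKeyExW|HKCU\Control Panel\International\Geo
RegQueryValueExW|HKCU\Control Panel\International\Geo|Nation
NtWriteFile|C:\Users\victim\AppData\Roaming\svch0st.exe
RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|C:\Users\victim\AppData\Roaming\svch0st.exe
CreateProcessW|C:\Users\victim\AppData\Roaming\svch0st.exe
CreateFileW|C:\
CreateFileW|D:\
CreateFileW|E:\
"""

# Signature names exactly as the report prints them.
SIG_GEO = "Checks computer location settings"
SIG_RUN = "Adds Run key to start application"
SIG_DROP = "Executes dropped EXE"
SIG_DRIVES = "Enumerates connected drives"

# Assumed key patterns; the sandbox's real rules may be broader.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International(\\Geo)?$", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"^([A-Za-z]):\\$")


def parse_trace(text):
    """Turn the line format above into Event(api, [args...]) records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        api, *args = line.split("|")
        events.append(Event(api, args))
    return events


def evaluate(events):
    """Return the set of signature names that fire for this trace."""
    hits = set()
    written = set()            # paths the sample wrote, lower-cased
    non_default_roots = set()  # drive letters other than C: whose root was opened
    for api, args in events:
        target = args[0] if args else ""
        if api in ("RegOpenKeyExW", "RegQueryValueExW") and GEO_KEY_RE.search(target):
            hits.add(SIG_GEO)
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(target):
            hits.add(SIG_RUN)
        elif api == "NtWriteFile":
            written.add(target.lower())
        elif api == "CreateProcessW" and target.lower() in written:
            # "dropped" means the sample itself wrote the file before running it
            hits.add(SIG_DROP)
        elif api == "CreateFileW":
            m = DRIVE_ROOT_RE.match(target)
            if m and m.group(1).upper() != "C":
                non_default_roots.add(m.group(1).upper())
    if non_default_roots:
        hits.add(SIG_DRIVES)
    return hits


if __name__ == "__main__":
    for sig in sorted(evaluate(parse_trace(SAMPLE_TRACE))):
        print(sig)
```

The ordering check in the dropped-EXE rule matters: launching a pre-existing binary is not the same signal as writing a file and then executing it, which is why the rule only fires when the `NtWriteFile` precedes the `CreateProcessW` for the same path.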
Target: virus/白加黑衍生物/svch0st.exe (note the digit zero: the name imitates the legitimate svchost.exe)
Size: 985KB
MD5: 9606b727e58cb0157e1586adac252462
SHA1: 9bbb77aea71b44f0f7737ed47bae3fa67df6c8d4
SHA256: 8fcbe954783759e96a9cc1cf6aa2cb16d6c95a8f0a0c661ee0c1e241079c6de2
SHA512: 1d07695b0d597703336d0d0a50353712c83ba5354de006a7a444dd270253ce5a4e362cb98e83acfedabe325f29e3da51946cc3625bb8f452cf212cdccc9eba1f
SSDEEP: 12288:OL/JAG6yuZ6hivOQffehNA0rswA/C9gCyWJSA6L8nu:e/JAG6mBrsR/C9pyWJSt
Score: 1/10