bced812112439dc85b04747045a0a19ee4b6d9f9ca0b378390e41379ffdb9f9d

Sharing

Copy URL

Twitter E-mail

General

Target

PvZ_Tools_v2.7.3.zip
Size

21.1MB
Sample

230411-pcyg8acc64
MD5

9060589ef77027f8a5cec4eea630c5ec
SHA1

47c24ed27a688431b395e431538b4e91232ada16
SHA256

bced812112439dc85b04747045a0a19ee4b6d9f9ca0b378390e41379ffdb9f9d
SHA512

d1c5218236958158b20ca3c5b0b71e3ed4e86da2b9488cf8cd8238d875cac7d97594235bda50405a5317664e7d150e55f8f829177dde4ef10a667ad154e4518f
SSDEEP

393216:r9orIUeRIFw4nny2EkwR1tiFfWlpH5QAFjbipyJc0DIerlB8mT+yf9QPJ:R2I+m4n/e1t0WpHzhbipyJbIWHr6PJ

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  PvZ_Tools_v2.7.3/PvZ_Tools_v2.7.3.exe
- Size
  
  855KB
- MD5
  
  50fe1f3674d1ec0642c2f7badea05fbf
- SHA1
  
  1b4a1b97606dbbc6033910cb08747973cf542d46
- SHA256
  
  6285bd2c2fdcd5758c3e8936ae9ccf905b8c331b49ce482d62d91230e781da66
- SHA512
  
  8c3e36b3f4cbedcf61bb86cc4f342bf8f0db057b0062979f64a7139de5121c0a16284ac0a793f8f4b436c03233f5f7307d9a3514d1d54b80610a57f567467679
- SSDEEP
  
  24576:kv1uqi38HDrRxvxDA6kvF6ZQuB+kZ5SXhd+/D:kdY38jrzvxDACZ5SRd+/D
Score

1^/10
behavioral1
- Target
  
  PvZ_Tools_v2.7.3/PvZ_Tools_v2.7.3.exe.asc
- Size
  
  833B
- MD5
  
  b79918d721f70fd14069e2aba5678d05
- SHA1
  
  42cca4d5a32341415198ad8e9ed89da9d6d0321e
- SHA256
  
  7c533f49568d6b9f9d4389c2eb9a13f9306a5fbe77778f9fa8ffdbec3f4712b3
- SHA512
  
  3f328b420c1318c3f7f207b2995481fcf15756977e38b7df95dc36c6be067b4970309112193d1275a9a0430e0464f7902657b4f2031c2076ae9738577f6ba3b5
Score

3^/10
behavioral2
- Target
  
  PvZ_Tools_v2.7.3/PvZ_Tools_v2.7.3.exe.hash
- Size
  
  315B
- MD5
  
  fd177e0af15d0e01bef9bf28b1089688
- SHA1
  
  0becd05456202ef1a3c55124b02f2494cb67a72a
- SHA256
  
  384b810fdf950ff0dc44255fcaa98034c19ee9f10ae50cd7d69bb29426f30f0a
- SHA512
  
  1c57d106d44b48e5f068650d61974e32dfa69b54535c350c11831138519b05786db4c960d4fbfc1ab563f15049825408a1e2132b52c18dbec91cb8561072ce61
Score

3^/10
behavioral3
- Target
  
  PvZ_Tools_v2.7.3/Qt5Core.dll
- Size
  
  4.3MB
- MD5
  
  7d52fcdf2e5e3ecbf317040738976541
- SHA1
  
  f0375af2d143107081696c1b2310b3b8bc7efcdd
- SHA256
  
  57496b0ad87c47b0001645bac55283915eb01e7e7d5018679a09e97dafe08eb5
- SHA512
  
  7f0a8a9784b3b799738586367e817c857461a390c538c1d9d52020c994491c666e989a82179a2c9b2ca49e692b995df2a23841e5be76cc012721678ff888470d
- SSDEEP
  
  98304:k61wjWfPsbzZQKqU6QZWlY748XJsv6tWKFdu9CfvX/QKgwIkM:kozPEzZQKqXQZlHJsv6tWKFdu9CfDFN
Score

3^/10
behavioral4
- Target
  
  PvZ_Tools_v2.7.3/Qt5Gui.dll
- Size
  
  4.5MB
- MD5
  
  744cc7de06ac25c2b7ef4117bd9d99fe
- SHA1
  
  8c81cb46987c5b0333557019057429d1e5ba9487
- SHA256
  
  1a632df920a31e8334233f67002cd34f31751e0808c11f236c03f2d10f671533
- SHA512
  
  743e5027db4154596e4d5f63ebaa6d7469e8116819cdffdd6456c9af4c60c1ff00e389cd1ab94abf407247e9cf985fee8a25a99a1d524a0fb8bd3881c7e74f20
- SSDEEP
  
  98304:0X9YxZyh9nPpMSX585WX6rDPoZIiaiE8Tqw:8rXPpMa585WX63PAIT78W
Score

1^/10
behavioral5
- Target
  
  PvZ_Tools_v2.7.3/Qt5Network.dll
- Size
  
  827KB
- MD5
  
  a16cf5a0b8723f885e946d0f6e07acdd
- SHA1
  
  eb4f4d0b8eef78da01e04134d411e2ab24b35466
- SHA256
  
  f4bd456f2764cc7b14eb1126d5eb222019c6d57ebf6046ea88aeb675e5dd577c
- SHA512
  
  457911af9900f05eaafa3d0d470d9bae7df455fc65b015cb6ce6e9ec0d08bdb1bf7653682dbd5ffedf788a493d55a20f2acc3e03778cf8b0a3a3751e65698a5d
- SSDEEP
  
  12288:dfEa/df6CSD2OjO2fTNitHjmuUHcI240XLWXV4I0ns4mYYLeqK:RE0GlL0HlIokVF4EL0
Score

3^/10
behavioral6
- Target
  
  PvZ_Tools_v2.7.3/Qt5Widgets.dll
- Size
  
  3.6MB
- MD5
  
  0adaf8da00e16c7d1146fd034a2be91c
- SHA1
  
  29dbcd69e0d373257dd3bb8346b6927511859e1d
- SHA256
  
  6cb22ecef1ee09e83f621db48d4b05d32d515bcf5943017a5e822eb7b1f538a0
- SHA512
  
  80223bf6525f638836a6dbf23b4f16fe64edacc2ceac58869dbfd890876665e0685ec83bd796a0eaaa573c8e4bc10c0076a4cd9540ce923e2bfd688cc563b7d8
- SSDEEP
  
  49152:3SlT4oPRSxtKyu8KkBO5aU19TwNrfhPrTp:YTk5nOMUrT8pP
Score

3^/10
behavioral7
- Target
  
  PvZ_Tools_v2.7.3/bearer/qgenericbearer.dll
- Size
  
  34KB
- MD5
  
  6187a77f051c8a3a749f4bcf0f6af338
- SHA1
  
  4c01c9bc65a2eba90364984ef1972575dbcc3119
- SHA256
  
  6fdffd90ae5d03d5b05d71b233ca3602ed6c655ae273e6a99fbbaf346778abd2
- SHA512
  
  696bddc125f4073237c0674adca6bc1c00e8f74d005bca825259560120640ce2e74e5a33a9db27b8fa3926fbe1c76b9afcf4f0af4bf491153e8b5b0404abc30d
- SSDEEP
  
  768:NsshxfFslC+1I7Z/wrriJuga8dy1+iHsnca+xfb4+k6:WsHtIAZofisgaWiHsnc/xfbZk
Score

1^/10
behavioral8
- Target
  
  PvZ_Tools_v2.7.3/imageformats/qgif.dll
- Size
  
  25KB
- MD5
  
  39011de8046b08d34783325c67bb2773
- SHA1
  
  57d1b6e76c184959f3c560d8504343a405700f85
- SHA256
  
  eac73b6e06cbf8fdc0d2d03ce04847f6c467a985022d1da1968c8c76b803124d
- SHA512
  
  06e997838a6060b58c567065ab20670e4f707ccb7cbcf9b252ac29bfccd23ce94393d26c5c3e3bad11ec1c009178cda7b6ccf31bdd3cc9e139eb313e4e111747
- SSDEEP
  
  384:i+jsxcY9QzL6+IjufgvFZBvA6ET0jY7Ag6P7TMI8eVaUbKdJJohwS:vjsc0QnSjFZBo3TJrKMIna1dJJohwS
Score

1^/10
behavioral9
- Target
  
  PvZ_Tools_v2.7.3/imageformats/qico.dll
- Size
  
  24KB
- MD5
  
  6d490833a4bedf9c53d98354f7020363
- SHA1
  
  34cd535c3c94d05011571070ce58da7ef37ae995
- SHA256
  
  a487943b5542e6ca2dfe7feeb9d9e71817c79f79b5c8f857ad4703a95a2c6c77
- SHA512
  
  2f74398a7e25c01bc49e1d9957f35675748fe97982a88265e37589c7c2987b6adf016494041d98b160db152c8223b6433ce9401d3ba7fa764e8602722dd881b2
- SSDEEP
  
  384:48a2KDpQie6r+Tx2DU/iNPljvGzjtq8bIqEeSisTHbkJ6posF:48a2KDpQk6x2FPMzI8bIpirJ6posF
Score

1^/10
behavioral10
- Target
  
  PvZ_Tools_v2.7.3/imageformats/qjpeg.dll
- Size
  
  331KB
- MD5
  
  4c5a4b9ec2f872c38d9c95e5eea56496
- SHA1
  
  b5ee9b5f6218553ea3ee568dfb8edf9ff2eba9e8
- SHA256
  
  c735982b012a49100b72db7cb2641db5cc5d1e5bb194eddd7841da17860d57d2
- SHA512
  
  ccd8da1aab6474426553bb2bd032777fe1089917d28668445cb09f04175a06f99d341f5b44b7460c43334876c905d4619cae3868ef6cd1dd5c5d4d81f2b7e1bd
- SSDEEP
  
  6144:qwXMYlKaape/wrjMkPPIQdYeb2eOrsxZYOJ:qQMYkZeK9d/T
Score

1^/10
behavioral11
- Target
  
  PvZ_Tools_v2.7.3/libcrypto-1_1.dll
- Size
  
  1.8MB
- MD5
  
  f821ea60a784956f522901cdd966476b
- SHA1
  
  c18507e50036c17356f5c360bbc03f197c42245c
- SHA256
  
  3f42e0b958ebefec7e8a8a7f3f498c8645e1424d0dc46e62fbbacd339294b4a4
- SHA512
  
  7fa3bf55664ff3f65b38ec7274449542b9db7292a3cc89353b84fd29663186766030c35665f995cba57bb7dd94473cb4fcf10d39bbb8f8ff79142c8aaf4dba63
- SSDEEP
  
  49152:xTUdhNF2pADrWdK4tv+E8211CPwDv3uFfJPy:1UdhNF2AMQE8W1CPwDv3uFfJ
Score

3^/10
behavioral12
- Target
  
  PvZ_Tools_v2.7.3/libssl-1_1.dll
- Size
  
  442KB
- MD5
  
  4bd8c5f5a050450441cbc6ac6e64c086
- SHA1
  
  b5d83a131b7e0a9acc7c981260a6c8713b3a1d3c
- SHA256
  
  4fa1541ee02d1caf4eabe768433a2933eca2c1bc1641601e568db4382bc93b9c
- SHA512
  
  80879801922cdae8a9115c56f33789b480ac7e5fd1715c9686a0a1d02267a4c9eb91f63c3001970b670831e8312a675ed6c92939c1cde8daaca2bdfbdb5bd891
- SSDEEP
  
  6144:uGe5rN3seE4yS/d0Tyz4CEQF4IflpekG6ZeJrQr6Xh4U2lvzfY:5ebTE4yYdLjSKUxHQr6R4U2lvzg
Score

1^/10
behavioral13
- Target
  
  PvZ_Tools_v2.7.3/lineup_string.json
- Size
  
  245KB
- MD5
  
  b62d394f8a4e28e3b72f0f17d14cc9d7
- SHA1
  
  6ba4c202ab658a91b640002bedd63c9b92c470ef
- SHA256
  
  a5ad8917acf6269a6345074e735494d6d66e011f8bba7f6c082dc12a08c41385
- SHA512
  
  cd18fd36dc6f6574fc071c3048f7ec0bcebe53b8896f6b6e3b7be2db08aaca609b55990fd98a3a1ec2a4d53cc8eaf3199f1a8a70ca46a33737ad0b28bfdaede4
- SSDEEP
  
  3072:Lr3r8K5ANl6WnELPM2sxGJsjv5kavI4NwcW3HqXp9cn6/48E2M+RiRwyqicq3vXv:j
Score

3^/10
behavioral14
- Target
  
  PvZ_Tools_v2.7.3/platforms/qwindows.dll
- Size
  
  1018KB
- MD5
  
  d958f115de0bbc6d93b61c8a6dff1777
- SHA1
  
  88df458dd48d303c55b6fa1ae1a17b7cdd634e59
- SHA256
  
  4612f51234fabdc683f350805bb69faf1a12ce92329afc1b7d7dc9709ff7d5fc
- SHA512
  
  cf39788c9ab52730d02f705993aed8d751979f3b2cad0ccee007565939ddbb3f0d3204fe2446ea5f43bc689acb2eaeea55bcb1662608210c7f7c648d22e5d119
- SSDEEP
  
  24576:xNN8dkE4Y/uDfdVAUVdYJhPyYmV4yJFuZe:9IkDJrVe7mV4I
Score

1^/10
behavioral15
- Target
  
  PvZ_Tools_v2.7.3/splash.jpg
- Size
  
  182KB
- MD5
  
  42df865ebbcd552b23eef7073fd9d09a
- SHA1
  
  9d3cfacc387b829f4ffcb15aeeb1f43f208dafa4
- SHA256
  
  f9d58c970fce34b9522a54dd03bf56d9cc5e4d3079dba5bfe8708f08bd1c493d
- SHA512
  
  299f530136ad1b6887e40eb79d4c98d25c714002ad35e290d93fddc0942c3526138b0fd4eac6ae9f9c1031f4f5dae251810f594347cb83eb2e8d5ba0ccf59678
- SSDEEP
  
  3072:HQ8uB+UQ3XlY4K0mTbwgJokD24xWWHS8yXzQjS8hx5Oy7SqedB973jWz0/gSjqpL:wuU8O4U/VJa4JHj2kjt9ZgB9P1M
Score

3^/10
behavioral16
- Target
  
  PvZ_Tools_v2.7.3/styles/qwindowsvistastyle.dll
- Size
  
  115KB
- MD5
  
  0270631ccef7123c7ca6fc67cea71547
- SHA1
  
  2bee5b23a394ee7e82787698bb10e77ef051bc88
- SHA256
  
  3a370657acc91cf180b2f0fd57acdb10e06f1472a98361766b1a4acf4667e879
- SHA512
  
  8f39ab1905b27a140e55a5a5fbc32e4c3a31c212f0c07cf6310e173be2251d0c04f14dcd6a4109fc1209afcee2e00b081bcf2df9aebf9255d44d3d2a6a879706
- SSDEEP
  
  3072:B7QFOzuIWZrflOwSofH3KX4AeL3Eg9BfrPIB3i:nm9nfXKX4AeL3Eg9BfrPI
Score

1^/10
behavioral17
- Target
  
  PvZ_Tools_v2.7.3/vc_redist.x86.exe
- Size
  
  13.1MB
- MD5
  
  dd0232ee751164eaad2fe0de7158d77d
- SHA1
  
  7391663f07cba7c99f3503929fcd3561f1f6a552
- SHA256
  
  4c6c420cf4cbf2c9c9ed476e96580ae92a97b2822c21329a2e49e8439ac5ad30
- SHA512
  
  cc82a7a8ead3c036559109d4daee623622edd4b4b5241545efa0e36d906c1af10d4056ad003f8849475f4e1e625eb9f27de7a9e13b28ac7ab88da99d5f926c2e
- SSDEEP
  
  393216:eEHMlptVYmfr7yBG/4u1ma3R9kCX83LHqD:eeApttD7yBG/Fm8Hg2D
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral18
- Target
  
  PvZ_Tools_v2.7.3/zlib1.dll
- Size
  
  67KB
- MD5
  
  b8df9a371633ba11745568058cf5b276
- SHA1
  
  cab4c79c9194d9acf431a4680f6ed195d51b9722
- SHA256
  
  d0723dbf7f5523e8486d7ec47f61c7ec9e4f4222ae77d01ee7aa1db1e2584980
- SHA512
  
  064c5940fcccdd091e9341837b63c63e6f270b689bb5a4e8ca5ebfb087d2393988583695035d5ab32d3e00379aaa88349c3216528bec538805fbff3e8e7b0ea8
- SSDEEP
  
  1536:hHvnxyi1tqVsLEIAQh1wV80es2IOQIOmIle/f:9vxlTqVsLE1qSZXUGmCe/f
Score

3^/10
behavioral19
- Target
  
  PvZ_Tools_v2.7.3/植僵工具箱网站/HTTPS 根证书/Chain of Trust - Let's Encrypt.url
- Size
  
  63B
- MD5
  
  602123159a5849aafc26d0a7486a7ef5
- SHA1
  
  d671e272287d01e50d6e06bdf21fbbb08e9cedab
- SHA256
  
  9858a99f9319652054ee767f10ba12cbe23c2ff7d63b38c42073ca798fe857af
- SHA512
  
  ddd1b60d032d35cca5a9e049a35cb1d2ad1c6b9669982896ec2b4d66df8aa5e46d0326606c837a48fc044d3d81a33ead4b83691a491476f17e96011e805b2f35
Score

1^/10
behavioral20
- Target
  
  PvZ_Tools_v2.7.3/植僵工具箱网站/HTTPS 根证书/ISRG Root X1.der
- Size
  
  1KB
- MD5
  
  0cd2f9e0da1773e9ed864da5e370e74e
- SHA1
  
  cabd2a79a1076a31f21d253635cb039d4329a5e8
- SHA256
  
  96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
- SHA512
  
  3b40f27e828323f5b91f8909883a78a21c86551761f27b38029faaec14af5b7aa96fb9f9cc93ee201b5eb1d0fef17b290747e8b839d2e49a8f36c5ebf3c7c910
Score

1^/10
behavioral21
- Target
  
  PvZ_Tools_v2.7.3/植僵工具箱网站/HTTPS 根证书/ISRG Root X2.der
- Size
  
  543B
- MD5
  
  d39ec41e233ca6dfcfa37e6de014e6e5
- SHA1
  
  bdb1b93cd5978d45c6261455f8db95c75ad153af
- SHA256
  
  69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470
- SHA512
  
  2bfbc06bdba0864bac09e5de0be19d67f5640b754c8f1442a6afb9ddbf8e03bd31063bfc01dc638f87ae8a8215ef37f94ce679291b050e44599d5fac564c6931
Score

1^/10
behavioral22
- Target
  
  PvZ_Tools_v2.7.3/植僵工具箱网站/下载游戏 Plants vs. Zombies.url
- Size
  
  60B
- MD5
  
  fba69962bb49199d677de9fcc0eefd76
- SHA1
  
  2087c762794faa9b5c82fb7efbde8246c2d4c991
- SHA256
  
  a6a053d268f5d6a6d036587273aa443def001aabaafdf8ea4b052d128d455f52
- SHA512
  
  07899afa6c9dc0e66ead6fca119b673dc279687b186a61e91cfbb049c8947313f89e153da2ff9c89aa4b93d5412be9cf30f7e52e828c9b6dbb6b48d03290234b
Score

1^/10
behavioral23
- Target
  
  PvZ_Tools_v2.7.3/植僵工具箱网站/下载辅助 PvZ Toolkit.url
- Size
  
  59B
- MD5
  
  b79925f1d57ff610029295cebac34ad4
- SHA1
  
  b78e861fc3cd3ed5bd02249e18d0aa84c596efa8
- SHA256
  
  2989bc86b0f92f1b68e3a53d48ff5333204a0c0126f1bfd3ce637fd9411ca375
- SHA512
  
  070b2c566844ce4e56ad652f72fb922242eaf98a1e6b5f22eb08585dd0307eed2806fab1ed603fbeca9bdc134ac572cc6f139f06810dece7050ad8455cabda39
Score

1^/10
behavioral24
- Target
  
  PvZ_Tools_v2.7.3/植僵工具箱网站/阵型列表 Endless Builds.url
- Size
  
  58B
- MD5
  
  31f81f5b8e7b6b129ccb1011410c8337
- SHA1
  
  d4b919d21372a82d9ff5fffaabf494c7d7f25486
- SHA256
  
  8f4fc0f1b6ab7012205da1e7e7250465291093d76fcd5fa4ac0c0b232592c0f7
- SHA512
  
  30d3470f1e69578a92c58f9d45fd69089801d0c2369d86fab5069ac2aace0360e01a9eebaec7d3e7ca78f25c7b22d9e13d05af8fbeaaef5d698cc9a165623aea
Score

1^/10
behavioral25

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25