Overview
overview
10Static
static
1大航全�...API.db
windows10-1703-x64
3大航全�...API.db
windows7-x64
3大航全�...API.db
windows10-2004-x64
3大航全�...��.exe
windows10-1703-x64
10大航全�...��.exe
windows7-x64
10大航全�...��.exe
windows10-2004-x64
10大航科�...API.db
windows10-1703-x64
3大航科�...API.db
windows7-x64
3大航科�...API.db
windows10-2004-x64
3大航科�...��.exe
windows10-1703-x64
10大航科�...��.exe
windows7-x64
10大航科�...��.exe
windows10-2004-x64
10General
-
Target
新建文件夹.7z
-
Size
5.5MB
-
Sample
230416-v5hkcsce3x
-
MD5
8fc853b1ff254bb812c0e935a19b5a87
-
SHA1
ae34cfa18a0670036d892fced6ba542068e13c04
-
SHA256
c7a6d9c03343f882bf58d13a6a79db731c6eedabe67cb4a78d08e66b4971498a
-
SHA512
66a7e4c1718d5c8ada907b2ff21f18d5913a98672669640bef338af2a69ce7a4c3f6119453653c1504a715849ab7ae20e39bb49ed3f78c8c33738c4b0029a578
-
SSDEEP
98304:XGb/MMNfz3ddmsZh+9kzERDpjTEJN0ntJUFFDkH+yIO8Q4A9nj5Do1ubgd7LTfU1:XGY8Lt5UTED0tmFD3yIOqAY1uUZTfUJ7
Static task
static1
Behavioral task
behavioral1
Sample
大航全球实体卡-虚拟卡接码电脑端口/X64/DIFXAPI.db
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
大航全球实体卡-虚拟卡接码电脑端口/X64/DIFXAPI.db
Resource
win7-20230220-en
Behavioral task
behavioral3
Sample
大航全球实体卡-虚拟卡接码电脑端口/X64/DIFXAPI.db
Resource
win10v2004-20230221-en
Behavioral task
behavioral4
Sample
大航全球实体卡-虚拟卡接码电脑端口/大航全球实体卡-虚拟卡接码电脑端口.exe
Resource
win10-20230220-en
Behavioral task
behavioral5
Sample
大航全球实体卡-虚拟卡接码电脑端口/大航全球实体卡-虚拟卡接码电脑端口.exe
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
大航全球实体卡-虚拟卡接码电脑端口/大航全球实体卡-虚拟卡接码电脑端口.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
大航科技全球实体卡-虚拟卡接码PC端口/X64/DIFXAPI.db
Resource
win10-20230220-en
Behavioral task
behavioral8
Sample
大航科技全球实体卡-虚拟卡接码PC端口/X64/DIFXAPI.db
Resource
win7-20230220-en
Behavioral task
behavioral9
Sample
大航科技全球实体卡-虚拟卡接码PC端口/X64/DIFXAPI.db
Resource
win10v2004-20230220-en
Behavioral task
behavioral10
Sample
大航科技全球实体卡-虚拟卡接码PC端口/大航科技全球实体卡-虚拟卡接码PC端口.exe
Resource
win10-20230220-en
Behavioral task
behavioral11
Sample
大航科技全球实体卡-虚拟卡接码PC端口/大航科技全球实体卡-虚拟卡接码PC端口.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
大航全球实体卡-虚拟卡接码电脑端口/X64/DIFXAPI.db
-
Size
10.0MB
-
MD5
216d9df008dd6f1d3df83fce613524f6
-
SHA1
3b5f566334d588add84a0c7983187bccfbbf5aa7
-
SHA256
86be4940c2fc18eda11fa860c815eddcf98689aea446814127622bd47abec547
-
SHA512
bab7288b6a3740fe14cfd8e325fa78528f2288e87b08e60bf88f0753f99b6ffa4663933718e176b2549f371dfd85735424146d4b751d065324d1ff6dc8e9061c
-
SSDEEP
98304:27mUa6pMlGs+XMdFtDkHYOToHYOTFHYKHY6HYpwaLsyJ95xJm1hEVT4eNTigdGWO:EmVfcMv1iwaQQxJlTENIJranuf2jZ
Score3/10 -
-
-
Target
大航全球实体卡-虚拟卡接码电脑端口/大航全球实体卡-虚拟卡接码电脑端口.exe
-
Size
2.6MB
-
MD5
9f339063dbe562051732472b0f73c12d
-
SHA1
2ac2940992ad9cee88092e18566c82f6b6c114b1
-
SHA256
7955c98c1bd693e24c92833f2186d58dd0c5fad231a8f27572bac5aeb2793674
-
SHA512
06d44b0cdc4b62536a61d4cae7e9b96a435e13907890b1b423d64e9b2c68cf6dd342eefa3af1601018508353c837d35d2a28f1d29306f990b32367f63e09c7ab
-
SSDEEP
49152:MC8ie3CGb7SCEns4SdqyTZ0Z3dMZG0+RQnwyiAKP1HrlF0OS20wlR+BkpT:e3+P2wyiAA0OSylRMkp
-
Detect Blackmoon payload
-
Detects any file with a triage score of 10
This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
大航科技全球实体卡-虚拟卡接码PC端口/X64/DIFXAPI.db
-
Size
10.0MB
-
MD5
216d9df008dd6f1d3df83fce613524f6
-
SHA1
3b5f566334d588add84a0c7983187bccfbbf5aa7
-
SHA256
86be4940c2fc18eda11fa860c815eddcf98689aea446814127622bd47abec547
-
SHA512
bab7288b6a3740fe14cfd8e325fa78528f2288e87b08e60bf88f0753f99b6ffa4663933718e176b2549f371dfd85735424146d4b751d065324d1ff6dc8e9061c
-
SSDEEP
98304:27mUa6pMlGs+XMdFtDkHYOToHYOTFHYKHY6HYpwaLsyJ95xJm1hEVT4eNTigdGWO:EmVfcMv1iwaQQxJlTENIJranuf2jZ
Score3/10 -
-
-
Target
大航科技全球实体卡-虚拟卡接码PC端口/大航科技全球实体卡-虚拟卡接码PC端口.exe
-
Size
2.6MB
-
MD5
9f339063dbe562051732472b0f73c12d
-
SHA1
2ac2940992ad9cee88092e18566c82f6b6c114b1
-
SHA256
7955c98c1bd693e24c92833f2186d58dd0c5fad231a8f27572bac5aeb2793674
-
SHA512
06d44b0cdc4b62536a61d4cae7e9b96a435e13907890b1b423d64e9b2c68cf6dd342eefa3af1601018508353c837d35d2a28f1d29306f990b32367f63e09c7ab
-
SSDEEP
49152:MC8ie3CGb7SCEns4SdqyTZ0Z3dMZG0+RQnwyiAKP1HrlF0OS20wlR+BkpT:e3+P2wyiAA0OSylRMkp
-
Detect Blackmoon payload
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-