General

  • Target

    yyb.rar

  • Size

    2.8MB

  • Sample

    230424-pgaa7abf95

  • MD5

    7f6f90e6214c0fea75e702dd15edc6b5

  • SHA1

    391e4e2ea5d99e208705e45972d6545013901194

  • SHA256

    d9120c47c1a67a29aa759bd623219a4a9ddf5bac9770763d12668de4603c198f

  • SHA512

    0c3684d126a08dae4e17fd677402f7e5bacf124575a0d5ef3e8a90706fbeb7da40cb831807417831190c49888275b190a09d6b476b8c213c7212687bfd961bb9

  • SSDEEP

    49152:m2Na7qykviX7Tts+9ZVD62RORxAEVuPEP4PKrUi/yduDahbHLa2jrYw2gYXi:m24ZkN+9ZV7R83VL4PNiGuDaRra2rYwX

  • Score

    7/10

Malware Config

Targets

    • Target

      yyb/一键解除聊天限制发消息.msi

    • Size

      2.4MB

    • MD5

      34005be000da79f8b8aa3b39beb72e53

    • SHA1

      f66828bee9d1c5906b09f12a5d8e5e754e13842e

    • SHA256

      7db95568b1f923c7006564e1af05b82cc4f1b6c5344b8c5e3707e999a1bcfb7d

    • SHA512

      2a9d7cb687505b3d30d07f795c2f47937ddb7ee07d1631c305a9b9420b3e1a0ee2738fe37585c4fabccf82f6ca7ae528872841597e9007c6a0ecce35529e3132

    • SSDEEP

      49152:IkYByN3Dpo7umE/41QLdk04WmAUmWyUHwpbzoc1xzMluR:3Dm7PQLdk0kiWyPpbscHNR

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      yyb/一键运行解除双向限制.exe

    • Size

      1.1MB

    • MD5

      7c5ad8d04da360975dceb3370f9b7b88

    • SHA1

      71ab1868050ebd2f63ca9f8505af4247bd809829

    • SHA256

      285d867834fa82cd7d870f38c0e5d861fe182be1d4a5257c47b05aa254fae09c

    • SHA512

      f16b6d807258541d18e66ab2d1db68ba2e0ab5730db2c9e8f1c6f936a93ab3e03c53fd8c9d3374fe989f4708f2c10fc9bfe3832c5288613a9bb6f366d4355ac7

    • SSDEEP

      24576:L5dcVYMGuqTKNuMX8kOf3R77S4PhwHgMLu8v7buN:L5dc6BKNgfft245wi8vS

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks