Overview

Static (score 7)

Tasks
Score  Sample            Platform
7      chinhphu_v1.apk   android-9-x86
1      index.html        windows7-x64
1      index.html        windows10-2004-x64
1      l762f62c5_a32.so  debian-9-armhf
1      l762f62c5_a64.so  ubuntu-18.04-amd64
-      l762f62c5_a64.so  debian-9-armhf
-      l762f62c5_a64.so  debian-9-mips
-      l762f62c5_a64.so  debian-9-mipsel
-      l762f62c5_x64.so  ubuntu-18.04-amd64
1      l762f62c5_x86.so  ubuntu-18.04-amd64
1      mask1.html        windows7-x64
1      mask1.html        windows10-2004-x64

Resubmissions
- 23-07-2024 15:34 (240723-sz3bgaxcmj)
- 12-10-2023 09:42 (231012-lpmppsbc6v)
- 24-06-2023 17:44 (230624-wbcmpada5y)

Analysis (score 7)
- max time kernel: 19s
- max time network: 139s
- platform: windows7_x64
- resource: win7-20230621-en
- resource tags: arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
- submitted: 24-06-2023 17:44
Static task
- static1

Behavioral tasks
- behavioral1: chinhphu_v1.apk (resource android-x86-arm-20230621-en)
- behavioral2: index.html (resource win7-20230621-en)
- behavioral3: index.html (resource win10v2004-20230621-en)
- behavioral4: l762f62c5_a32.so (resource debian9-armhf-20221111-en)
- behavioral5: l762f62c5_a64.so (resource ubuntu1804-amd64-en-20211208)
- behavioral6: l762f62c5_a64.so (resource debian9-armhf-20221125-en)
- behavioral7: l762f62c5_a64.so (resource debian9-mipsbe-20221111-en)
- behavioral8: l762f62c5_a64.so (resource debian9-mipsel-en-20211208)
- behavioral9: l762f62c5_x64.so (resource ubuntu1804-amd64-20230621-en)
- behavioral10: l762f62c5_x86.so (resource ubuntu1804-amd64-20230621-en)
- behavioral11: mask1.html (resource win7-20230621-en)
- behavioral12: mask1.html (resource win10v2004-20230621-en)
General
- Target: index.html
- Size: 2KB
- MD5: 17c59f1a89773ba82365ab6ed861aff2
- SHA1: 902c7f0d9d7e58ba46bf99aeb25d904a5077ebfa
- SHA256: 9eef2ac5a8846fdc480b99909c22a4b6c844654a0f7589310a1eddaae6b74705
- SHA512: bd702d1330ce70319a413c2932aadaf93df6c6aa5ed6adf68ab323abef04853eef041fa248decca09671456c1ddd92ad1bf8efacd56358862e499ba52ec4f60f
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (Process / description / ioc):
  chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid / Process): 864 chrome.exe (2 identical entries)
- Suspicious use of AdjustPrivilegeToken (20 IoCs)
  Processes (description / pid / Process): Token: SeShutdownPrivilege, 864 chrome.exe (20 identical entries)
- Suspicious use of FindShellTrayWindow (34 IoCs)
  Processes (pid / Process): 864 chrome.exe (34 identical entries)
- Suspicious use of SendNotifyMessage (32 IoCs)
  Processes (pid / Process): 864 chrome.exe (32 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description / pid / Process / procid_target; 64 entries, repeated identical rows collapsed):
  PID 864 wrote to memory of 1524  864 chrome.exe  28
  PID 864 wrote to memory of 288   864 chrome.exe  30
  PID 864 wrote to memory of 1500  864 chrome.exe  31
  PID 864 wrote to memory of 388   864 chrome.exe  32
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 864)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\index.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1524)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7049758,0x7fef7049768,0x7fef7049778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 288)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1500)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 388)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1944)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 432)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2060)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1432 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2192)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2200)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1260,i,9534298825562538471,3372030385812169841,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1108)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads