General

  • Target

    1.zip

  • Size

    483KB

  • Sample

    230709-hwf9qaba79

  • MD5

    3e6a078b3a44d9c87d405ee8781da029

  • SHA1

    d7849160a561e555d4005776143b406641d2e2dd

  • SHA256

    3f916c29b2a870b9bad97c5241fc741b2cc2e9c685cf546293fbf4a85b3fdb5c

  • SHA512

    795fcb466b95de17f4e0c668175a1a895a958ecdcebd79190df23385810f8f3c80904ed4c66cbb182adcc6c5d5cbd8103265d39f6e8e7884c13b7ea9e597f20b

  • SSDEEP

    12288:kNcqmvf4gFFPAq1djXG8cx2gJL/5djexVJHxIcSps:kerdFljX7cNL6JHbSps

Score
8/10

Malware Config

Targets

    • Target

      9490.exe

    • Size

      784KB

    • MD5

      bad1c7f4142b4f77f8c2b8fa8d951fc3

    • SHA1

      921c6efe84ba7cb87660a91ac3585a2aad13f276

    • SHA256

      c62ead7c9a5c82f662734d2f3b6aa0f9c6e75fc5430ef848714dec298d88a9f7

    • SHA512

      5ff88b86e34379bfd8645e9c5dd994355e412f08ea37d771a60fb9e925b95e1422a7a45c9ecfd0a84c0fb23d600de56e7280bb6f89ab88669030d52d25c1204e

    • SSDEEP

      12288:SBnj7SURX4ZF+5nWuZGzn0dCbvhdEDRnnb:S9j7SURX4ZF+5WuZGzkCtd

    Score
    8/10

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      备用(7.8).exe (filename kept as-is; 备用 is Chinese for "backup"/"spare")

    • Size

      788KB

    • MD5

      84ef87bf8ad98a3c629a603f40c2decc

    • SHA1

      6dd5edf40a29caf6087dadb8b08587f891102e92

    • SHA256

      7604cb525b33a3f59183d5d468346243ae2a0880ed1c1f66d527c961c99ebc3c

    • SHA512

      3e045e7466f896cef3e835e38cffa4d8c1ea2c626ec1cf4858ea9064596f4036544b2037feccf1946c03910a1a68fe276b0790aaddd2873b343c6d6fa0154f75

    • SSDEEP

      6144:psUukpG9DLXZVFalG4qvrDshSwTRvGATM5NbZ+ITT3xs8w/UjMDW6Z+dFBLH9N:ypvRJVn4qvoTROATM3bZ+4fMF+dFBRN

    Score
    8/10

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
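
    Both dropped executables trigger the same two environment checks (country code lookup, drive enumeration), so before re-detonating it is worth knowing what the analysis VM actually presents to them. The following PowerShell is an added example, not part of the sandbox report and not code from the sample: it reads the standard Windows locale and home-location values from the registry and lists the non-C: fixed drives. The report does not say which registry value the sample reads; that it is one of the values under HKCU\Control Panel\International (the GeoID under Geo\Nation is the usual one) is an assumption, as are the GeoID numbers quoted in the comments.

```powershell
# Added example (not from the sandbox report, not the sample's code):
# show what a detonation VM exposes to a registry-based geofence check and
# to a drive enumeration. ASSUMPTION: the sample reads one of the standard
# locale values under HKCU\Control Panel\International; the report does not
# name the exact value.

$intl = 'HKCU:\Control Panel\International'

# 1. Country / locale settings a geofence check can read from the registry.
$geo = Get-ItemProperty -Path "$intl\Geo" -ErrorAction SilentlyContinue
$loc = Get-ItemProperty -Path $intl     -ErrorAction SilentlyContinue

[pscustomobject]@{
    GeoNation    = $geo.Nation                    # GeoID as a decimal string
    GeoName      = $geo.Name                      # ISO 3166 alpha-2; newer builds only
    LocaleName   = $loc.LocaleName                # e.g. en-US
    SystemLocale = (Get-WinSystemLocale).Name
    HomeLocation = (Get-WinHomeLocation).GeoId    # same GeoID via the International module
} | Format-List

# 2. Drives the "enumerates connected drives" check will find besides C:.
Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -ne 'C:\' } |
    Select-Object Name, Root, @{ n = 'UsedGB'; e = { [math]::Round($_.Used / 1GB, 1) } }

# 3. To test the geofence hypothesis, re-detonate with a different home
#    location and compare behaviour. GeoIDs below are ASSUMED from the
#    Windows GeoID table (45 = China, 244 = United States); verify before use.
# Set-WinHomeLocation -GeoId 45
```

    Run it in the VM snapshot you detonate from, record the output alongside the report, then flip the home location (step 3) and detonate again: if the payload stage only runs under one setting, the "likely geofence" verdict is confirmed rather than inferred. Adding a second fixed volume to the VM is the equivalent control for the drive-enumeration check.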

MITRE ATT&CK Enterprise v6

Tasks