0cfc4ec5d31d5c0630453dbad12c5bd68176abfdc4a657703cf83105d3eb3624 | Triage

Resubmissions

25-08-2023 15:01

230825-sdyfdseg2t 7

Sharing

General

Target

搜狗输入法金秋1.cab
Size

121.3MB
Sample

230825-sdyfdseg2t
MD5

800ecd4c7b8e453ce0f01a2660d93ee9
SHA1

607a7ceb03f54b7575d49db6094ac756d85e1d45
SHA256

0cfc4ec5d31d5c0630453dbad12c5bd68176abfdc4a657703cf83105d3eb3624
SHA512

bd21a1693a4e3aa614b2a9afe09d376dac85432df743e02065215ce667e1e233638a9574deb34ed91d7fe7383958d056a6c6a47eb5a28e27ce7b8d2b70149c7b
SSDEEP

3145728:86Odyqv0eg18Rx0OYWebzLKQIjJYCX6EYsU1ocWTRKop315hF:86OQ4s8Rx0OpkKQILwicWNKop3nhF

Score

7^/10

persistence upx

Malware Config

Targets

- Target
  
  HKeyboard.dll
- Size
  
  34KB
- MD5
  
  48e38a57e83c94b9543fe357c2d050ef
- SHA1
  
  0db0ce5b37dfa3ed7769e4bf768e1a28681ffd24
- SHA256
  
  7914416a9340633db1131613e019707b21d14d5697563fa45e43a3e7b30b5d88
- SHA512
  
  aeeca21133dc8f70408d06cd4d802892ee289db7c1e8a69e18e9c340d30337445db0732e7dd8df9b74e89f30dbffc4c19eca0d6dc4597433e8e2949d99f8ef02
- SSDEEP
  
  768:qoYddSFBztVImSDFhlnmnTEDc3vyPWWGA+:qiBZubKi+WE
Score

1^/10
behavioral1 behavioral2 behavioral3
- Target
  
  KS.exe
- Size
  
  135KB
- MD5
  
  6124c9b0e9f2c24878a19e167469da4a
- SHA1
  
  8a1813a862f3522f62f1f33cff6ce285f71406c6
- SHA256
  
  3a4db4165bd1b66f7bcc477e0bac2c872b57b2a16799be2b4e796465e390ebad
- SHA512
  
  3ee7b82fabc3febfb95c086f3e2488e6ae98c159829701323a4e44cf182e8f8ff3b2580c18874f616a4851ba3c830c476ddb0c8db8154ca384cb983f986b1926
- SSDEEP
  
  1536:hdQ3GllQsoaIEFgStIcoHFqidn7cr5NAzbYvwvfb6YfqpeBCosqrHhlUE+oMFMG4:hdrlmsoZHmFIp
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral4 behavioral5 behavioral6
- Target
  
  _sogou_pinyin_Release_13.8.0.8160_1111.exe
- Size
  
  121.2MB
- MD5
  
  32e82020e094e31a22eff21a8631720d
- SHA1
  
  d95795f0f07f570ae5032ff0e3b1ef9e92fd8078
- SHA256
  
  f36d62741de77493685c5fecd3d9bab16ec69ac48af10bbf3c6bd27e802c8086
- SHA512
  
  422c8e07eb8c16f9c03e05a2de3986fcdadf62b26d95341c21731d053fa5dc19810616552ab945cddfa6743fbb70d54d546fb780ef31e2c74072b52061b5d243
- SSDEEP
  
  3145728:VcsyS378uQ9FgVzhUL+vRV0Bp56wuoOYCHXT2CJGJwzuuK1h:VcsLpaFgVzhUm0BpMXSCJqwzuumh
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9