General
-
Target
21X.rar
-
Size
37.4MB
-
Sample
231027-edhhaabh7v
-
MD5
e41ae263dbff1d5fbedd1fcd2ffacf29
-
SHA1
5f5472723cb5f68a96af66dac402e26df83770ae
-
SHA256
57316e29bbf6391f28d0c11c78b61607b9b1a4e87fb3adbb1855b8773223f0e1
-
SHA512
ab340addba16bd3676b756817b40e154df9725e4c86f607de233ab6cb5b847dc28571ce3177c38fa4e09a243a61d183a9fd88cb365be2537f73b9ed0f368d534
-
SSDEEP
786432:B0e/c/RuUIi/REZYNBhnNVD8JKXEQ8HRvllE35y7:B0d/Rt/SZEVD8kadYy7
Behavioral task
behavioral1
Sample
2023.10.12.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
2023.10.12.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral3
Sample
HipsMain.exe
Resource
win7-20231023-en
Behavioral task
behavioral4
Sample
HipsMain.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral5
Sample
HipsMain1.exe
Resource
win7-20231020-en
Behavioral task
behavioral6
Sample
HipsMain1.exe
Resource
win10v2004-20231020-en
Behavioral task
behavioral7
Sample
[local]loader.exe
Resource
win7-20231025-en
Behavioral task
behavioral8
Sample
[local]loader.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral9
Sample
[sus]aaa.exe
Resource
win7-20231023-en
Behavioral task
behavioral10
Sample
[sus]aaa.exe
Resource
win10v2004-20231020-en
Behavioral task
behavioral11
Sample
logsave.exe
Resource
win7-20231023-en
Behavioral task
behavioral12
Sample
logsave.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral13
Sample
福建省福州市闽运集团有限公司约巴定制巴士企划书.exe
Resource
win7-20231020-en
Behavioral task
behavioral14
Sample
福建省福州市闽运集团有限公司约巴定制巴士企划书.exe
Resource
win10v2004-20231025-en
Behavioral task
behavioral15
Sample
说明书.exe
Resource
win7-20231023-en
Behavioral task
behavioral16
Sample
说明书.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
cobaltstrike
100000
http://www.cainiao.com:443/mp/getapp/msgext
Note: the report does not state which of the bundled samples yielded this configuration. The C2 host www.cainiao.com appears to be a legitimate, high-traffic logistics domain, contacted here over plain HTTP on port 443 (see the host/port fields below) — a pattern consistent with CDN- or fronting-style redirection — so the bare FQDN is a weak network IOC and should not be blocked on its own. Pivot instead on the exact URI paths, the User-Agent string, the rundll32 spawn-to processes and the public key below, and treat the watermark as supporting rather than attributive evidence (the value 100000 is widely reported in public intel as appearing in many unrelated builds).
-
access_type
512
-
beacon_type
2048
-
host
www.cainiao.com,/mp/getapp/msgext
-
http_header1
(header value not captured in this extract)
-
http_header2
(header value not captured in this extract)
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
Note: these are the Beacon "spawn-to" processes used to host post-exploitation jobs; rundll32.exe started with no command-line arguments from an unexpected parent is a widely used endpoint detection heuristic for this default.
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCD/d86l8Xj9QqEpe62poRSoK8dNn6QFRLe10WufYGHU07TppYiU2koxHDn0ar2iA3kXdUohoBEX00MfKc0AkAi0q7NX7Zl8/L8iLBRsqVKDgCJAm0OoooZAfiJsgoxSly3jYSJyeTtXzPweo4BsNCXGBZrsuIuHpcVe1v+OAMdzQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
Note: despite the field label, this value is a base64 DER SubjectPublicKeyInfo (the leading bytes match a 1024-bit RSA public key) followed by zero padding — i.e. the Beacon's C2 public key, not a state machine. It is typically generated once per team server, so it is a more durable pivot between samples than the C2 hostname.
-
unknown1
1.532302592e+09 (float rendering of the integer 1532302592; the extractor does not document this field's meaning)
-
unknown2
AAAABAAAAAIAAAADAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mp/wapcommon/report
-
user_agent
WeChat/8.0.5.32 CFNetwork/1237 Darwin/20.4.0
Note: an Apple CFNetwork/Darwin (iOS WeChat) User-Agent emitted by a Beacon that runs on Windows (the spawn-to paths above are Windows rundll32 locations) is platform-incongruent and is itself a usable proxy/egress detection signature.
-
watermark
100000
Targets
-
-
Target
2023.10.12.exe.vir
-
Size
90KB
-
MD5
21a8040f7c5af2ec8fbbc57467675d44
-
SHA1
146dcdd46879ef509f7c0b69da44885f2be05d7f
-
SHA256
f288f3a0cd9c65582be25f1db59ff3a37060e9e42afcb24ef243d615f228a51a
-
SHA512
8a7e8a3b71e921bce44bef11d109bbc67c06c46c66530a5fdcf5173ba8f305916911fdb9b864b488031eff77a43fc40679be2f5d3efdfc017dd5683236a55417
-
SSDEEP
1536:Tqw2luNuu69jSFlwq2rNDCkM8XiOjpNwX:TqwDNuu69SwRrNDSciOj3
Score 1/10
-
-
Target
HipsMain.exe.vir
-
Size
9.0MB
-
MD5
4eca89b96ba84a68348f85b3a9dc03b7
-
SHA1
a1fd3e9093d8153b15fc1102f35c745b375ce9dc
-
SHA256
8df72d49778de3cc2ba9c31299f7f4a0a0a144ea4826a51b1de75d037ba2a7f7
-
SHA512
6170c930d76c9aca6ee9a6b4816b829677c7b303a20afc62e38fe675c7acd1e1fb8dca756c4ed44106fa1f37a99e05ebd271f78b7edddf238a3a15effd78ec32
-
SSDEEP
196608:ohPrc50mr2puHUHNTqICteEroXx8axG6NIyzlu8pgUN0Mi8mENps:OcKmr2pu0tTqInEroXOakuIyzlu8pja4
Score 7/10
Loads dropped DLL
-
-
-
Target
HipsMain1.exe.vir
-
Size
8.4MB
-
MD5
dc3b09a3b203597085bff5fba0c6fe3a
-
SHA1
1bad277e39b990c24820e2ef81ff0b7d4a80cfff
-
SHA256
bb14de223f20598b1aec67cdb3a06579ba74537251fb0a753ed40bac2063c2b5
-
SHA512
5b215002bed2774499c21a4c70661e6a5b4bc107f91a649c4820f6c473e76c548189221dc5f18dc97ef3eb3fe9f8d1e82585a419ea468a9e1bcbe4bf8f20778e
-
SSDEEP
196608:KUAcQ50mr2puHUHNT29onJ5hrZERw+ENFJzFcguwWA7gMjs:bAlKmr2pu0tT29c5hlERwRFJzFcgupAc
Score 7/10
Loads dropped DLL
-
-
-
Target
[local]loader.exe.vir
-
Size
12.1MB
-
MD5
ed7a6ed7c9a3264735d7d58282dbf6ee
-
SHA1
6e58ab251077c3ff0b59f8a8761f214f25dafc3b
-
SHA256
824c6fffe52727bc336ff393c4490b44f01527736e689556ff021932b9cd4fe6
-
SHA512
a223f25f3c1a05b84d5d8cf0aaa4bc5339b850823b8404cb052d14d9ca044886336650147722757df85b06aa42a73fd7f37b6f42f753cd73209a466b77bf0df7
-
SSDEEP
393216:RJlGlfOnzY9c5hlERjAdZYygtNITfZWZrtj:RDGF40EhkjAdZgtNig5j
Score 7/10
Loads dropped DLL
-
-
-
Target
[sus]aaa.exe.vir
-
Size
931KB
-
MD5
cfc57322bbf583daa8ca4b6394ef3d76
-
SHA1
605fbb32829efb51bafcad74bf0ef4e425003795
-
SHA256
a501f0e3846eac845a82efc6b084ee0bc118f385d4a9f89e60b618290cb9f439
-
SHA512
c4de73f6262824e6c0ad20a277918260696c765c0c23a2305f7e88b58a7d18e02508617615eb19593b98c59d631c969b200de19c55019f6d412f5025eb6e4c81
-
SSDEEP
24576:yyg9aJWprJRqy0wdd6DKRXpka5aPfaM9TN/uYh:yTOUrTqyLdMDgZkaM6M9ZGW
Score 10/10
-
-
Target
logsave.exe.vir
-
Size
6.1MB
-
MD5
1c1d273d8769694becc49e11115b836b
-
SHA1
fa922c02249d42f52b5567ebbfd80f075229f01b
-
SHA256
6f308020a1f664d2ed8682948782a69deba034ce5b1e51c7bc5234919c5816b3
-
SHA512
1f11c4e2671cdb61a4467127a492299dbfb47d53fad7db9f94767e152c82c4395ad0352d9b5534d7574702c0076027f97ae71637a94cc5b27d7056a9f6f27516
-
SSDEEP
196608:n29j89onJ5hrZEce9tGPqKSWaTbIAa8XH:2F89c5hlEiPNSWa3VX
Score 7/10
Loads dropped DLL
-
-
-
Target
福建省福州市闽运集团有限公司约巴定制巴士企划书.exe.vir
-
Size
1.8MB
-
MD5
4013cafa7be58a15952fd1b924c2d598
-
SHA1
7727b1966117978ea117483aacd70d91988f8310
-
SHA256
32686b4e8ceba0cf5dbceba44392024633b750920f7aaf39d8ea14a1125049db
-
SHA512
89798c698d7d7b9284d6d84cd1e5432d36445e23402a61604e26a3de0e2ac0ba53fa0a903fb3533bd831c73cae3a2e1f7b3706ef69ccf3441e6df08830e6f7c9
-
SSDEEP
24576:5n8XoKkFkS+DMIxNrSkp9PPSYCKho+KuFJOgtwDB/LkiWdpw8cPYT2q9IVzr/XFs:n+IGFDP39olEO7OdpOYKH5pvE/nqxsl
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
说明书.exe.vir
-
Size
1.9MB
-
MD5
a10bf17c35e14ff2b95b2bf7f1a002d5
-
SHA1
c4aebc4b2697f65817631b72b8c19bb3601ae840
-
SHA256
5f1a4c7fce773a2c54e4e8d840d554ff0b8349639eacb9762e2fc1732d9433ec
-
SHA512
e74aca0b7ebb7d609d77d650ed0bfdfac7cc618ab945d3a291c8efc3505d1343e2850ae1d02b8321d49d0b9646c60fe5d1438a0505bd330e8a81729384c121bd
-
SSDEEP
24576:Pq8eiTqrynoLmSgmbVQ7hiP2W270WOp0dWslQQ7FAo:l2mOQ5Op0dhlQQh5
Score 1/10