Resubmissions
17-11-2023 11:39 231117-nsb4gsha54 (Score 10/10)

General
Target: 6x.rar
Size: 8.9MB
Sample: 231117-nsb4gsha54
MD5: 9e48e265b3926103852b0165043cf2d1
SHA1: 6f6a0b4f6e465358d1011ef91af3c04aea9d745d
SHA256: e74ae95242abb122523a9c5ca121d99ed569515554a5b02d592214947e4a0774
SHA512: 060bb933b313646178f21ba6ca9e16b60a7223ac68aae5ed22f0412f89c7bba275ed3fa671abe1de32184c0504ec9556ee826f82b163bacc5fa97f8627a4982d
SSDEEP: 196608:1dLA6C5V0SKvVUIPWtGKDG5Lwamv1S8XUBQhNn/fwcMQP:1dnZvVmdDG50ag48kSBnd3P
Static task: static1

Behavioral task behavioral1: sample 10.20 저작권 자료 2023 - Hybe Entertaiment.exe, resource win7-20231023-en
Behavioral task behavioral2: sample 10.20 저작권 자료 2023 - Hybe Entertaiment.exe, resource win10v2004-20231020-en
Behavioral task behavioral3: sample 2023-11-17.exe, resource win7-20231020-en
Behavioral task behavioral4: sample 2023-11-17.exe, resource win10v2004-20231023-en
Behavioral task behavioral5: sample 20231116端.exe, resource win7-20231023-en
Behavioral task behavioral6: sample 20231116端.exe, resource win10v2004-20231020-en
Behavioral task behavioral7: sample Pokemon-Shellcode-Loader.exe, resource win7-20231023-en
Behavioral task behavioral8: sample Pokemon-Shellcode-Loader.exe, resource win10v2004-20231020-en
Behavioral task behavioral9: sample 安全检查资产上报收集表-20231104-___xslx.vmp.scr.exe, resource win7-20231023-en
Behavioral task behavioral10: sample 安全检查资产上报收集表-20231104-___xslx.vmp.scr.exe, resource win10v2004-20231020-en
Behavioral task behavioral11: sample 未解锁成功企业名单-电脑版.exe, resource win7-20231025-en
Behavioral task behavioral12: sample 未解锁成功企业名单-电脑版.exe, resource win10v2004-20231023-en
Malware Config

Targets

Target: 10.20 저작권 자료 2023 - Hybe Entertaiment.exe.vir
Size: 3.9MB
MD5: e7d9e0958885f34da44ae88dd5156a0b
SHA1: b5c76d314478ded785b0b23bd5b6d9bbf856e33d
SHA256: 484a6f30c8ff19e9c908888666e218738035daf232691c37742206a7870e75bf
SHA512: f2e1a62e9ce5aabd48cc54253892d182d1ee4f06e675c3a2c9b1b26ebd0351c21567ce70348b3d2da2f64f047f83dfa0637bf1e9f6c70cc86c7ef19911400135
SSDEEP: 49152:c2KYSTaPZynvI39ZhCbIymD1XW4IA9jGXC9sk/IRUnyX12l7Xoc40U9iC/YxMe:x4arZdTIAcXo3yCXD40U9i9
Score: 1/10

Target: 2023-11-17.exe.vir
Size: 1.2MB
MD5: e4b61de15bcd690222a2f42817299434
SHA1: 25450ea7ff0286b13c674cffcc264b174a133849
SHA256: f41bd077e20efe9c56a7cfc9535bc5538a8f57a32559e13eff47a69a55de68f6
SHA512: 311a8c8285ce346481b40d16ef01c31e2ecd8808cd4c8096053cdefcac6c3ba481e7837344cd7157d97dd4ef8758d1dd9115172ff83f473e90820d1e819c992c
SSDEEP: 24576:cJEwSKlyiFU7SsmMUkwUbbOyvAl/cmMcGk3+77VMorutImQtBe/+6icqj:cqgyGsCc+yfCM7++58/riPj
Signatures:
- Detect Blackmoon payload
- Gh0st RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application

Target: 20231116端.exe.vir
Size: 1.6MB
MD5: 360fd9b01505ba48bf1b020b3c4886eb
SHA1: 890969d061274d981052d60e78f0c256f7e84032
SHA256: d2d6394e87bd144c0a2259604ffecb9d98803e6f8c4b8edf6df6b19559597783
SHA512: f25c607d38b1ce968b2537293764ad3d21548b9ebacecc430ad40e1234c361c117bb98664d16362e3415e3425d80d633d12637e2b89c1631a8fd839c031d420b
SSDEEP: 12288:3H94IkPCLv3uCg8TjnRH4F2RUAzmB/nW4b4fTlxm9hBEjVhUcyL4NJm4tparK8pW:XR9LfRfRvbBxm9EgLcm9rKrBfJXAu
Score: 1/10

Target: Pokemon-Shellcode-Loader.exe.vir
Size: 228KB
MD5: 584ff21cb8f392b228df18ef3215d0db
SHA1: 0f70e7dee7ce09057fb80ab246649ba99d5cceb0
SHA256: 53ae48c81b781bbf5619ed7fa50bea3a0360709d4113f02b3e3ed58512cf3d24
SHA512: 5cf675e5a2ab93a8857c23b88a89d7e739f3b5e3fb4a2a84a6d95b68fc3b6c5fc2fb75c0f6926c1e11c0fc6a5efe5a249976c1ddd79cea073a55d371c8fe8fe8
SSDEEP: 3072:lVgSMIUsOVGOcgaNISK9LuPPQJW12Z8dF:8SMPsISga69SGi
Score: 1/10

Target: 安全检查资产上报收集表-20231104-___xslx.vmp.scr.vir
Size: 6.0MB
MD5: d8443bd24b359098862057d1f7d3d1d5
SHA1: 72c27d3a02ae775331cb866724c843f69ec16207
SHA256: 033e2a68e082ba2b9eb9f9b0b9b92fdc647443ce0f7813c83d685f75bed01b6d
SHA512: 05eddfc5f00ef4eb06e2c2575fe022d1c6d61ed31150de4898676743d8f139b160f4c0ef4023869d86f319f1c65668778fe781e879563d03238e09b3633327c2
SSDEEP: 98304:TbzgEx488OgcsJuUylT/Qtk489LjQkKfusVX2jQvAEecACMP2mW/C70:THgUi8/jLZ57YusYjQvAEecjMP2mws0
Score: 5/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: 未解锁成功企业名单-电脑版.exe.vir
Size: 408KB
MD5: dd62abc08db08b25e95fe27a0fe491ba
SHA1: 5ad129285af0068cd29a07c842032fa2a083230d
SHA256: 61fab831d9a503c4521abcb360412994682c6baa97170cad50b22c32ec8090e6
SHA512: 57520208fb04965f1b29dc6f4d1255893ac53e28f2f33e9612a5052918f44e7d019b7bf06cb77d694a8eeb77296a29afed02baab9c8948faf0a217a7a0166491
SSDEEP: 6144:MUE6N4FFuSmzoTcUJGIY9VIAeBjCVxdhPJbPfZE+M9IrC1hMK7VZxOlG:MlFuSooTR0IYXIAgOVxxPBPM9GhKBT
Score: 5/10
Signatures:
- Suspicious use of NtSetInformationThreadHideFromDebugger