General

  • Target

    8415176d4dcd4170a5fb525717fc0ce16fa7a5471a562ec63b0a79b87a1a80c3.7.zip

  • Size

    9.1MB

  • Sample

    231121-fk7w7adb21

  • MD5

    e40dfe4e6df95d42919b9d022522eab0

  • SHA1

    73587510582372ee6dd2f2bb7689c947cae28361

  • SHA256

    8415176d4dcd4170a5fb525717fc0ce16fa7a5471a562ec63b0a79b87a1a80c3

  • SHA512

    a53befd35e081c94da3f2ac85611739b2c49b50a3edf2979f47ca01d3dd9f3e607332282dc0424ac250d15b50be4e9c06d36e9cf3cf6e65418ecf20ba16e4538

  • SSDEEP

    196608:tYrPjLy6TL4Gmdk/dEOonlVIW4DaK1FHWgyHn0Ll8iy34K+NZNw8lOzcdkm:tYrP1TMGm0dlYiW8rvt648iE4Y8YcdP

Malware Config

Targets

    • Target

      Desktop/app.cp38-win32(unpacked).pyd

    • Size

      477KB

    • MD5

      3aaf62e0238b4afeee5ecef747cbe814

    • SHA1

      b90b3a66037aa76c523cdfe6a43447af4b8baa27

    • SHA256

      dbfc108a6b692d82a983e4c01c2a6fb04db7d0cdd92725210e26d3122f2c8d34

    • SHA512

      03faecfab591659ee1a57c8e4d067a15deb5ca85cc3b9fe329b2b048e6ff2b6dfa874322560b6a8524b9f2cc31cf56d6fab5ea074b46bbeb94b9df293d66aefe

    • SSDEEP

      12288:CbMYzeNniL3yNjyqIYGB3iwGFVB8aHh3g:C7zeNiDyNjyqTG3iwIRg

    • Score

      1/10

    • Target

      Desktop/app.cp38-win32(upx).pyd

    • Size

      155KB

    • MD5

      0e16eebd2ed5a042d665e3cadb67b92b

    • SHA1

      072d240df51881c79d618dcf4ee7a8c595eeea39

    • SHA256

      92dcbc0560ae173e4152613874ffea7b1b87fcab7f1bcd17e1b5384ca2643de4

    • SHA512

      468b43ce82de2faef0430c6f5192053cdda5934c62fec11b57cca0fbb7634880c339dd87837b1dee3f59147d6ec9d1418de00bcdb8bccc3895f895b1d588545a

    • SSDEEP

      3072:6h1DUBRkkAkTcj9wUaqnOybytT49GIdFPKrhKSeFIpJn3out:CWw5RwPqndyODdxKrNempJn3oS

    • Score

      7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Desktop/drv-loader.exe

    • Size

      215KB

    • MD5

      e6bf6f860ae8535d3a117bfc504a238e

    • SHA1

      68e91a7285fd8e60acf5e539d3fed5d4d9c28819

    • SHA256

      ec9bcdd47b193031b4f1c7cc7365dd1bbc2ee96054f87e1d19d836d37970e076

    • SHA512

      424d823de466d89e40ae38d567801ca29a5fb3b84fc85f583d375f3449659ffe7ab8c5de9c0bf8c44d4a7b0de12b63a9dd34a0f61c1db3ee88bbfd475f114ece

    • SSDEEP

      3072:vrnDhRxeZtsGP48Yngbq6CYQ+3Muj6ALY4hxiEUvXWaEoYSvZxJQCQKxb:vrnDQPpfbQ+3MlEnvgXWaEo7vtf7

    • Score

      8/10

    • Sets service image path in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Desktop/fw1.exe

    • Size

      8.2MB

    • MD5

      31a79e3fb3c1bffad1557cd7769d4403

    • SHA1

      3b7dd1ce4071bf6cfc80c553936b5478211eb3ec

    • SHA256

      d6dd58ef702737a3311ea62e11360072a1b5fa160d155f18392ae7d40a6f9848

    • SHA512

      d1f857a6b60679f7cd928527cf6fd948ac4001a7f3e85f280ff10513085b8fcafa75aec7ba25126f28726945d2489c69b4510fa629f590d4daaa2ca6c222eae7

    • SSDEEP

      196608:n6sbcUdUnYc0o5Gd7+lLgdIpF24mA2W3XMgHMoQ+FBxY6Fsa9:PbPmYRQK7+hAIrE3sMgHMoe6a0

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Desktop/kavservice.bin

    • Size

      33KB

    • MD5

      c419d7a8bc1cd5fe0af3ce4637c4d8a3

    • SHA1

      be80f4d2a669f60354703a21daffb7b2128de190

    • SHA256

      e055fdfb914e3da936eb7745acb665f50346df9abac597cf43d487262a6a12d5

    • SHA512

      b4df304bd6045e458bc7577db89fa91c68b78189e0c2a9e705fc770a38ee17409e690a47ab7c07b3251f21906ce562b770fa861cf94fe6d8d42d94e9996515a1

    • SSDEEP

      384:cjOj5Z50MQiYkNy3/uP8E9VFDPx26ki2dg+isDSfMQiY9/uo6ki2dg+iMBqCPxhk:wAPn0EJPxJ2dMabr2dM/CPxWES

    • Score

      1/10

    • Target

      Desktop/某个模块内存.dmp

    • Size

      88KB

    • MD5

      7489f67832eb4b7bf752354638237c4d

    • SHA1

      488e6b5e820bda493dfac46558a2b5dc4d536085

    • SHA256

      9fcba5858d6a82f073e0167ccdc42064b7615bdc1cbac6ce2efe4c5be162d1a4

    • SHA512

      b28c97548d0f206a6b90ef9460d0165a51ba26c9fcf8071e73c8ff991b0140ef7d6b1eb047e37ec9cc69bc574a90c56b0b14ce6d2aeb628d7d0631f008ade846

    • SSDEEP

      1536:bksTsenhY8kwtuwL7hSm1Rh+wIOdnToIfAUfegGHE:AIsEY8mwnhS1mVTBfAUf6HE

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks