General

  • Target

    YoudaoDuiaSrtup.msi

  • Size

    102.2MB

  • Sample

    231209-rjnbyagggr

  • MD5

    6dfa01c13a071656051a59c12bd3a760

  • SHA1

    b78d087029e220baa2d2e204515da2eb4c2d9e8b

  • SHA256

    7849fe61a8b3e0793c59a3f35d016416be77d65c6ca10e6a5436a972b9fb5156

  • SHA512

    8f348de3aacdfcd7aef38d86b9f95fc2b3c7768164d2210137f8eb0f4db6b5bea922ff6afbf786208487362b967744c772dbbef438e2dfd24c1a244070453c82

  • SSDEEP

    1572864:WEbB12iidE/5zM2fr5Z1fSAoyeldvp2BB9oH5irfdCT6a:zBed4zM2fr5zqAxqdvkBB9y5ibsea

Score
8/10

Malware Config

Targets

    • Target

      YoudaoDuiaSrtup.msi

    • Size

      102.2MB

    • MD5

      6dfa01c13a071656051a59c12bd3a760

    • SHA1

      b78d087029e220baa2d2e204515da2eb4c2d9e8b

    • SHA256

      7849fe61a8b3e0793c59a3f35d016416be77d65c6ca10e6a5436a972b9fb5156

    • SHA512

      8f348de3aacdfcd7aef38d86b9f95fc2b3c7768164d2210137f8eb0f4db6b5bea922ff6afbf786208487362b967744c772dbbef438e2dfd24c1a244070453c82

    • SSDEEP

      1572864:WEbB12iidE/5zM2fr5Z1fSAoyeldvp2BB9oH5irfdCT6a:zBed4zM2fr5zqAxqdvkBB9y5ibsea

    Score
    8/10

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
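Two checks a practitioner wants before acting on a report like this: confirm that the file on disk is the one the hashes above describe, and confirm the VMProtect verdict on the dropped executable with a heuristic that can be rerun offline. The following is an added example, not code from the sandbox vendor or from the page. The hash values are copied from the report; the PE reader is a minimal stdlib parser of the DOS/COFF headers and section table; the `.vmpN` section names are VMProtect's default names, which the packer can be configured to change, so a miss is not proof of absence. Note that the MSI itself is an OLE compound file rather than a PE, so the section check applies to the dropped EXE/DLL, not to the installer. `build_fake_pe` constructs a headers-only PE purely to exercise the parser.

```python
"""Verify a sample against the report's hashes and apply the VMProtect
section-name heuristic to a PE. Added example; stdlib only."""
import hashlib
import struct
import sys

# Hashes as published in the report for YoudaoDuiaSrtup.msi
REPORT_HASHES = {
    "md5": "6dfa01c13a071656051a59c12bd3a760",
    "sha1": "b78d087029e220baa2d2e204515da2eb4c2d9e8b",
    "sha256": "7849fe61a8b3e0793c59a3f35d016416be77d65c6ca10e6a5436a972b9fb5156",
    "sha512": "8f348de3aacdfcd7aef38d86b9f95fc2b3c7768164d2210137f8eb0f4db6b5be"
              "a922ff6afbf786208487362b967744c772dbbef438e2dfd24c1a244070453c82",
}


def compute_hashes(data: bytes) -> dict:
    """Hex digests for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify_hashes(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match result; every value must be True before the
    report's findings can be attributed to the file you are holding."""
    actual = compute_hashes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def pe_section_names(data: bytes) -> list:
    """Section names from a PE image; raises ValueError if this is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_hdr_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_hdr_size     # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def is_pe(data: bytes) -> bool:
    """True only for a parseable PE; an MSI (OLE magic D0 CF 11 E0) returns False."""
    try:
        pe_section_names(data)
        return True
    except ValueError:
        return False


def looks_vmprotect_packed(data: bytes) -> bool:
    """Heuristic: any section named .vmp0/.vmp1/.vmp2 (VMProtect's defaults).
    Renamed sections evade this; an unmatched file is 'unknown', not 'clean'."""
    return any(name.lower().startswith(".vmp") for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed headers-only PE used to exercise the parser (not a real sample).
    SizeOfOptionalHeader is 0 here; a real file carries one and the parser skips it."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0x22)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    # Usage: python triage_check.py <file>   (hypothetical script name)
    blob = open(sys.argv[1], "rb").read()
    print("hash match:", verify_hashes(blob))
    if is_pe(blob):
        print("sections:", pe_section_names(blob))
        print("VMProtect sections present:", looks_vmprotect_packed(blob))
    else:
        print("not a PE (MSI/OLE or other); run the section check on the dropped EXE")
```

Run it first against the MSI to confirm the hashes, then against each file the sandbox reports as dropped; a `.vmp0`/`.vmp1` pair in the section table corroborates the "VMProtect packed file" signature, while the absence of such names should be read as "inconclusive" and followed up with entropy or import-table checks.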

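The "Checks computer location settings" and "Enumerates connected drives" signatures are derived from the sample's API calls rather than from static content. The following added example re-derives both from a constructed API-call trace shaped like a sandbox's per-process log; it is not the sandbox's own signature code. The registry path is an assumption about what "country code configured in the registry" refers to: `HKCU\Control Panel\International\Geo\Nation` holds the user's GeoID, and a loader that reads it to skip certain countries is the geofence the report hints at. The trace entries, API names and paths are constructed for illustration.

```python
"""Re-derive two behavioural signatures from an API-call trace.
Added example; the trace and the watched registry key are assumptions."""
import re

# Assumed geofence source: the user's GeoID lives under this key, value "Nation"
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
# Root of any drive letter other than C:, with or without the \\?\ prefix,
# optionally followed by the "*" that FindFirstFileW appends
NON_C_ROOT_RE = re.compile(r"^(?:\\\\\?\\)?([A-BD-Z]):\\\*?$", re.IGNORECASE)
FILE_APIS = {"CreateFileW", "FindFirstFileW", "GetDriveTypeW", "GetVolumeInformationW"}

# Constructed trace: (api, arguments) in the order the sample issued them
SAMPLE_TRACE = [
    ("RegOpenKeyExW", {"key": r"HKCU\Control Panel\International\Geo"}),
    ("RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    ("GetDriveTypeW", {"path": "C:\\"}),
    ("GetDriveTypeW", {"path": "D:\\"}),
    ("FindFirstFileW", {"path": "E:\\*"}),
    ("CreateFileW", {"path": "\\\\?\\F:\\"}),
    ("CreateFileW", {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"}),
]

# Constructed benign trace: same APIs, no geofence lookup, only the system drive
BENIGN_TRACE = [
    ("RegQueryValueExW", {"key": r"HKCU\Software\Vendor\App", "value": "Version"}),
    ("GetDriveTypeW", {"path": "C:\\"}),
    ("CreateFileW", {"path": "C:\\ProgramData\\Vendor\\config.ini"}),
]


def checks_location_settings(trace) -> bool:
    """True when the sample reads the Geo\\Nation value (the configured GeoID).
    Opening the key alone is not enough; the read of 'Nation' is what matters."""
    for api, args in trace:
        if (api.startswith("RegQueryValueEx")
                and GEO_KEY_RE.search(args.get("key", ""))
                and args.get("value", "").lower() == "nation"):
            return True
    return False


def other_drive_roots(trace) -> set:
    """Drive letters other than C: whose root directory the sample touched."""
    roots = set()
    for api, args in trace:
        if api in FILE_APIS:
            match = NON_C_ROOT_RE.match(args.get("path", ""))
            if match:
                roots.add(match.group(1).upper())
    return roots


def enumerates_connected_drives(trace) -> bool:
    """Mirrors the report wording: any root path other than C:\\ was read."""
    return bool(other_drive_roots(trace))


def evaluate(trace) -> dict:
    """Signature verdicts keyed by the names used in the report."""
    return {
        "Checks computer location settings": checks_location_settings(trace),
        "Enumerates connected drives": enumerates_connected_drives(trace),
        "drives touched": sorted(other_drive_roots(trace)),
    }


if __name__ == "__main__":
    print("sample:", evaluate(SAMPLE_TRACE))
    print("benign:", evaluate(BENIGN_TRACE))
```

The distinction the `checks_location_settings` rule draws, a value read of `Nation` rather than a bare key open, is what keeps this from firing on ordinary locale-aware software that enumerates the `International` subtree; conversely, treating any non-C root access as drive enumeration is deliberately broad, which is why the report words it as "attempts to read" rather than as a verdict of malicious intent.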
MITRE ATT&CK Enterprise v15

Tasks