33af3e0f5884bfae36bf081b9eb0ca696c9d3620e74255f72ef1291983e49213

Sharing

Copy URL

Twitter E-mail

General

Target

09c74dae6a419a7e8471ae37844ad9ca
Size

5KB
Sample

231224-wg8mbaccan
MD5

09c74dae6a419a7e8471ae37844ad9ca
SHA1

52a332ba2ffafce27cca50a3250979abc172d5aa
SHA256

33af3e0f5884bfae36bf081b9eb0ca696c9d3620e74255f72ef1291983e49213
SHA512

ce84df409d661002353ec356ef7686b6e5c941f5353435f9dcfd390a805207dca8de39e6d46bfa1a314b33b33587ebdea876f3a1ed7ce6b77343a998cb54056d
SSDEEP

96:f796ASubBbZ+Wf2ZoCWyObdrNvQ9oXMIW4u/vlOuRql0l/QWWXZa+ZBCH7exWujT:f796ZcDf2OCWyo2C0RwP0eXI/HixXsyb

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  360.cmd
- Size
  
  1KB
- MD5
  
  67240c407312315393794e9b65d1e8e5
- SHA1
  
  810b252670834678fdaa057b39e07985a029be7a
- SHA256
  
  0a29a7d11891968f5a4a6eb615e87a428d5e93c9a48908c7a1de7cf5a40acf22
- SHA512
  
  897bfb0b8b9ca3a315ff72b9c937aba50ddb88dd28ce3d8f156ccb01d008e566260e317364966fc3fe59a6f78017ad3924f32dd6d4b4a170550edc55b62bd3f2
Score

4^/10
behavioral1 behavioral2
- Target
  
  360SE.vbs
- Size
  
  194B
- MD5
  
  6b80c52f50e5365d484f500112c8fc4e
- SHA1
  
  1199341427821b402d5d2047e1c636132cfc1fb5
- SHA256
  
  934b4f7b2d356ee10e4fa8101d02bd32b9812af08e579b3407309b2102e2e381
- SHA512
  
  bba9444a31536d3364ca484ed0d167f77d4371cf25d7d0bbe33c154557f957c154a708931eda7fa4bbaac0e7c4150a4dd2021d5ebe73d500f72406eb599359fb
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  361.cmd
- Size
  
  567B
- MD5
  
  feb810eaa38eb0890ad2034d322e4c79
- SHA1
  
  a7c7ddd0bd405b949ddbffed364269d145ee78e4
- SHA256
  
  e346f4ed81e3e7974c4a9978789fc08737abc4c7318f31d747b1ad23ce5bf800
- SHA512
  
  f96b5e8129ab8fd4703a2e4bddf4245e9c4a64a8d69663f755386021cb8fd34a75bd0fa53b4579145bf50be2948d9ae5d0f4bdb556ae73b4cc85e6a2130f5ab9
Score

1^/10
behavioral5 behavioral6
- Target
  
  36OSE.vbs
- Size
  
  186B
- MD5
  
  662f2165658bc093dd1034e1fa967c19
- SHA1
  
  dfedd96e1beffd2f55a6c695bef3c02d9210c1e8
- SHA256
  
  8ae7f05d4c5adffd642515452ca81ec561711d244ef075da5fe654fee6528587
- SHA512
  
  ba3834b019150dbeef6bf423688b37888da75b868621b1f5541c0f4c4df145397d38d9adc26e363a59ea75909aa38d822189b04e87dbaa6273f9a59dba141a18
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  36O安全刘览器 3.lnk
- Size
  
  728B
- MD5
  
  5de7d18cf225c0ba1372cf5116e59aa1
- SHA1
  
  33676f13b1db5ccee2e86051621d885dbf3d67be
- SHA256
  
  e0165bab67739a877386522ea0ad81fe7efda9761042ce5fec17f2598c46bda0
- SHA512
  
  51003dc5995d267f32baad7339d18dd69d5c5302026e7ba9921161d42c3691d0c41497a2c865f248c19bc9c24a14844667707dabc0c722baf72ea93b72bbea91
Score

3^/10
behavioral10 behavioral9
- Target
  
  36O安全刘览器3.lnk
- Size
  
  1KB
- MD5
  
  66638d05f1edfab2f44526e99ec1c08d
- SHA1
  
  e06b8e5a4969996db01053a5c3558fcbb2065c88
- SHA256
  
  9303196dce4d4c98c6ea3568b10edacedddfe99ada0179b649383b46b6bac58b
- SHA512
  
  c3e0a649c8b23bf2ed935146b66b655187c72420e4abffd6cb6cf099ee98aefe84f92db118ab860ea2c3cbb6c78424f025d788548053d9ab3a4f273f156056fc
Score

3^/10
behavioral11 behavioral12
- Target
  
  Internet Exploror.lnk
- Size
  
  104B
- MD5
  
  b6090a24bad18a0205bb215cb1fd42e6
- SHA1
  
  da56e637a186333e1fa8401b9600e9efcadbe86b
- SHA256
  
  5cf73d8ba3a6656e804041884cefc0148c3ef80fd4b8633a6647a033082f15f8
- SHA512
  
  4ca8a5cd200eaf8d8a023c47e7a279e41279c045bf567b81f95e93ca25d5a51dec2786de98efa5b907ec5633c8400e497f6bcaf636d4591d7c42e21ec3039ad4
Score

3^/10
behavioral13 behavioral14
- Target
  
  copy.cmd
- Size
  
  1KB
- MD5
  
  505cb6fccd0e15d878b8dcbac64ad4d5
- SHA1
  
  9b49f5035dd7855646d94bd38cb500805f7829e4
- SHA256
  
  c4b7e33e97a94a80aea645e8f8601cb3db420bc5a7f828abb93054c2f69341f2
- SHA512
  
  bc5b17105fbbbaa3af7a8eb0708d379a3206eae93391939584503096a7e8eb260dacb75efe7b82d19fac4c4c2921cc9df36269977cd840c1208905ed08e7771c
Score

8^/10

evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
behavioral15 behavioral16
- Target
  
  cpa.cmd
- Size
  
  26B
- MD5
  
  70d1fda1955129df6366d9736fc6708d
- SHA1
  
  5c408345b15dfd6e9f68694f5d27ba5e1107fd98
- SHA256
  
  bcb64c2630830a92cda12c8cc449183d663eced283d351877b93956cf352ee3e
- SHA512
  
  52d0d16eb39d229667dce1fa4119419fb8e1736ff0b953e8f1cbfca594a71a30b65e63923aa591380603578ccdde6ed817ff29fe38f0f9ee9db9495991437958
Score

7^/10
- Deletes itself
behavioral17 behavioral18
- Target
  
  ha.vbs
- Size
  
  1KB
- MD5
  
  97b8dddd4361596cdeb6851a0639d834
- SHA1
  
  7f35a8018d53777c449b9703a867c0f41b542e62
- SHA256
  
  fa554b0be47bc18d0992bf700e8495ad29237d88413faac60cc1850a51dedb80
- SHA512
  
  d3103e2bd9c5e272ae7f80e27c62ca70ee06adb6b6c85b2c60f34e781ed54f140caa1cb4f0787256e4e66cd47dd4047cee0bb50a13bac581a05f47d904009f4b
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Registers COM server for autorun
  persistence
behavioral19 behavioral20
- Target
  
  is.cmd
- Size
  
  95B
- MD5
  
  5b3aca86e0c9eaf57e4d29f4a9f11571
- SHA1
  
  2300ea98a75fdb1f8c72da8a758a1885e4441469
- SHA256
  
  4cc6b5c204f0568f51ad13a04e4b3522256c558f36c656d5038b1871aacdb308
- SHA512
  
  eba2b1725c68584d5521e945a5f004216fa4b9267f2c6d39cdfeb7b4c8ed17a287be75c5b2f8147d785c35e69835de429365a212f0ed51c904c49a9efddd18a6
Score

1^/10
behavioral21 behavioral22
- Target
  
  runonce.cmd
- Size
  
  11KB
- MD5
  
  6e419580c83dc37ea0d4180edf970d8d
- SHA1
  
  925a3a9bb26c499419a9af243bc2c7cc8269057d
- SHA256
  
  b9106c1bfd52fc13d097951b44d3f6f2023f5e31e9bbbf8dbccf8aad3b6adcd7
- SHA512
  
  9021fff118365e8d384ef7ac41779ea6eca60ff30da2d8d1e36a8382594847cb6bfdd0d614cee3c2cba6c20b998020dd2289ec642b6380691b0e8548046cd3a7
- SSDEEP
  
  192:/g5FLWfHOgMRFRY2GzTjiUY1pNcaSnnvmIUJYI53TWOC799AGDvUOF5QxyJtQmFK:/g5FLWfHOgMRFRY2GzTjiUY1pNcaSnnm
Score

8^/10

persistence
- Creates new service(s)
  persistence
behavioral23 behavioral24
- Target
  
  tool.cmd
- Size
  
  3KB
- MD5
  
  d7eece295819ac643894e11ec290fc16
- SHA1
  
  eaf976563ab1d54ddbb538846f21d80663c0482b
- SHA256
  
  00057dbc21e30cd983f4428934333acc1243bef2a7ae3e89ccfed37aaea35aef
- SHA512
  
  61602cd5b19a9f3d65c52ec8b393081949167496ec02420fe403e5ee63a3f59f29d367246af4a6ba3a6437ea46759315f6e1721fbd44f84878b548e61d261036
Score

7^/10

persistence
- Registers COM server for autorun
  persistence
behavioral25 behavioral26
- Target
  
  winare.vbs
- Size
  
  995B
- MD5
  
  ca800c94c5577bfe494c00298f8d4bc4
- SHA1
  
  41aef2500e443dc7a1c614ad8a38dfd1035a728f
- SHA256
  
  e4004d757e7cb870d7846ff7dd328afba5a2dcc49e7fbe73c0d1c42e720d56b4
- SHA512
  
  ef38e3973685b3ad5bf4ca50858b6ca24756ea63eef955af2e9ae3d7cc86659ef37267e4bbbca938b143fff692ac65dfe64c37d9fd9ae6598650d8505dfb3bcb
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

Enumerates connected drives

Sets file to hidden

Deletes itself

Creates new service(s)

Sets file to hidden

Checks computer location settings

Registers COM server for autorun

Creates new service(s)

Registers COM server for autorun

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28