36d294f116539fff1f6186b1ea74a4b9dc89b7c4ceb2874482b110d46db63984 | Triage

Sharing

General

Target

017fcebbb0a3c9a5a0f1e1b07e959965
Size

2.6MB
Sample

231225-dhg7msegbr
MD5

017fcebbb0a3c9a5a0f1e1b07e959965
SHA1

e4f792aa3b888d43e4ee63dc123c28e7e3b8a492
SHA256

36d294f116539fff1f6186b1ea74a4b9dc89b7c4ceb2874482b110d46db63984
SHA512

d615abb81964f014db0d092a201512d029e35811e3ba79b6253ec06c2c9a3d6fbf258b7b096829b7a545b7adae0bfe83d65511c81b05582a3d380e197696eabe
SSDEEP

49152:9hWEiIkJMvjSxOVAAFNobHldmqJT4ypgbGX7FfARsd44HHBEReX5bncput48zR:bW/tJny7obHl7JPjX1RHHBf5bcpuu8F

Score

7^/10

Malware Config

Targets

- Target
  
  ha_PowerDataRecovery/BugReport.exe
- Size
  
  240KB
- MD5
  
  9582a1e1cb8b21f7780c6061188230e6
- SHA1
  
  3c6d62c70b633e1f505644bad90e37bff33012c5
- SHA256
  
  24c4582ef333f3744f1335f5262c1fb95f2a4d103f53d6da9d1e1d0d32b425a5
- SHA512
  
  298ad71c1c39e030439be5aa4c68bdc05e2538e52fa81fed79912e8ff9036cf1e263758e4dabbb78e7a8a2deecafd587a76c2fe54fdaee608b322bfdf05f1231
- SSDEEP
  
  3072:hpTd3V5KBDeN8NrZCQjDVb2CPWspfaX5Rq2hdeRZQthUU3Bp2oNlBKPnD:vTlViNrZCaF28hlk5Rq2eZ5YWP
Score

1^/10
behavioral1 behavioral2
- Target
  
  ha_PowerDataRecovery/GdiPlus.dll
- Size
  
  1.6MB
- MD5
  
  cdf5853178ed7f8d6623de8ec329a33c
- SHA1
  
  7bdc270d994982e22bce8d5b994bd6da185b4a86
- SHA256
  
  a18d814fcf6ed4ce37bad194bef77cc5e466c08b6467e82f0f4c518f4c84e50c
- SHA512
  
  ffcf8ddc0f1653c282753f22a95c8ae8c7bde25154da48d0b3ac22ea28079e4307fd82846e22dae69c4b8819e71eb45b9a412cbb756457283df40b29b0edaf38
- SSDEEP
  
  24576:9APRWt8eE7zOQTWaKi5lBoUWAP6qyVyiHfIeCtpy9lR3/8wHz5U1bo/e:qFhrLboUgqy3IeyulAsm
Score

3^/10
behavioral3 behavioral4
- Target
  
  ha_PowerDataRecovery/Help/English/index.html
- Size
  
  9KB
- MD5
  
  a3bc739eb4f81fe1bf3b8b3f36b3078c
- SHA1
  
  1a74e89ad0cafd3bd2dd8f0c2428afe266bbf092
- SHA256
  
  e55bb0d793be454391182ea01ee4ac70a521d2c0e2923d8f08938a4c4fa4aabc
- SHA512
  
  65ca8856281adad7f8fd03cd4defeb85f73579c737bd3c006fa5a35cabfd431cd2d3c2ec491bd39f2caa01292b31c1fee98e0bba6c7d2b58b9628c489432ecef
- SSDEEP
  
  192:V+sQn7qTe0XcQn1Lv/kv35I2XJ6QducfY5Gv3cesucQlvDIWgMtGcZpjHgG24NCD:YbFiJv/4JIqtw3gNOd
Score

1^/10
behavioral5 behavioral6
- Target
  
  ha_PowerDataRecovery/硬盘数据恢复软件 V6.5 .exe
- Size
  
  2.3MB
- MD5
  
  13966f8136b1dc53952aac6b670fca0d
- SHA1
  
  c75c52dde33ccbc646591ef0ce04860697449241
- SHA256
  
  534ad7bbb020db176362ca031fefcca014d2672658d85a57d28921f5624b8415
- SHA512
  
  fcb8a2c1be59fd69e2893b1d0505750f75e231f3dd075d8a15f7c986fa39de556a82f651d83af7743374bfd6b17e72cf4cf7ba3226594d879018afe63e81b164
- SSDEEP
  
  49152:v0uJa5sLTHUgVatJ3ROSlVQXRVPECXzTUNPKnoKiS:9aZg4tlISlVQXZYBlS
Score

7^/10
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8