39f01d34065b63c350a3ffe049e03e41c7365b8ca3b603f7e632bec90c3f8c60

Sharing

Copy URL

Twitter E-mail

General

Target

3b9347dc4e2ca00b974e68530aaf04a5
Size

13.1MB
Sample

231225-zca22aaadn
MD5

3b9347dc4e2ca00b974e68530aaf04a5
SHA1

69cc347d3ed834d547dfae52d7969b6593ffe2b8
SHA256

39f01d34065b63c350a3ffe049e03e41c7365b8ca3b603f7e632bec90c3f8c60
SHA512

69afab82a39cb84c8f5813389fdb12de163cdd6565b6493c612077daee101a83f96b80e00149b0792d9634e5c7691ac457f8a147815428c3c4acd19ea34db264
SSDEEP

196608:peXoKg5NP+mmodVJu53od97uWEe840Qp557dHpglxNjuiUqVz3zX4uIMhEfs9:8Hg5NiodVJuEt84d5JvGTiiUmD4uIx09

Score

7^/10

Malware Config

Targets

- Target
  
  MirServer/DBServer/DBServer.exe
- Size
  
  382KB
- MD5
  
  d7a8eec0e18be329c93bd2095f0df1f7
- SHA1
  
  f2b90bd2c0013ee4a518ad130bc481606dd9e3f1
- SHA256
  
  3cce2cb4ff76b4ff4362699003fde1375e82a05932794ba09f0809f287128922
- SHA512
  
  8719727a47803c95df24095aa7cd9c8af19223d6d59490117cc589c62ead8663583a35535bc7e8ea92dca40feba7c95958be7cf539319ed827564ebe8291a871
- SSDEEP
  
  6144:YFM/VTFE7hlI9yNgX8fIlEIS2qVUDA6rGafN8mscrEe0PyIEVqmQ5iJCJt6U3pRG:CMVe7hlM5lEZ6AhId0PtmGKe7p0q
Score

1^/10
behavioral1 behavioral2
- Target
  
  MirServer/GameCenter.exe
- Size
  
  267KB
- MD5
  
  935ed40f01658ce10baef215912a3422
- SHA1
  
  43042f9bd9586e3a0c41a6370c1cefbf198168fa
- SHA256
  
  eb81deb3a6676cb16d3f3520989b2fff5bcdd5a73dc145e42d4113fc1056c2ba
- SHA512
  
  a42feee8dad0801b84e481deaf57a11b476cc6f7d785860726211161c17e1e4033ae3017d9c562a58ed5885ad583c4ffe346bc19e9408d99fa8a641c00f6fd9c
- SSDEEP
  
  6144:YcERY7dT6CLL6jbX7f6OJbYLIQDeXZWifmjzo5:6mJeCLLEzjbYLzeJJfmzo
Score

1^/10
behavioral3 behavioral4
- Target
  
  MirServer/LogServer/LogDataServer.exe
- Size
  
  421KB
- MD5
  
  e8fae6abd9cfc6f32821f5c7366ea64f
- SHA1
  
  e18ba551f9ed5a258e6bb8efca394f3aff1cb246
- SHA256
  
  1926d958983a59b78c0a212b68e6fedcc24e8b920a41141fec5787f96fe023c3
- SHA512
  
  acf7ef1cf96c7a33fc1afb7943b842fed7bf9c7108f43af904fb60e3f485efecb94ca0f7cadd7010c3d513d97c494a618842dbdb29e6d9abc0881ff8e1b91098
- SSDEEP
  
  6144:Ndu1qC4u63IVhYKjrDx/YD9RT8ZFpG3Lk5BoXWTzNbTuqdYm2OwFnl:q1h4b3IVaqxivwFw7k5ltubNFl
Score

1^/10
behavioral5 behavioral6
- Target
  
  MirServer/LoginGate/LoginGate.exe
- Size
  
  212KB
- MD5
  
  700f370afb01ec1e2d5be6d92ca30dcf
- SHA1
  
  2366dada79cf49b1802962d387107637099ff3f9
- SHA256
  
  30aaa1a59c1b295e26fcff124e5b8474458d6c972de4f36982105ca37f63a0d0
- SHA512
  
  e61c8a08089d25b4ff2bf46e4c0c6df0c1992d7158cf5bc9212adb096daec0f6edc2669d5a5678be86b6e42581b03521a64d9347ef5fb54066220ccddcfb7ad9
- SSDEEP
  
  3072:G7v5I31Wr7Rm2pfna1vES43tkM3wQPyfrdHDOilQAM0csASL5Nqg3JnIZ:G9g1WrkRES4Z3wJxDJqh0cs3UIN
Score

1^/10
behavioral7 behavioral8
- Target
  
  MirServer/LoginSrv/LoginSrv.exe
- Size
  
  246KB
- MD5
  
  7f5de1ca3a879695e175b4e4261eb5f4
- SHA1
  
  90f89b980c62e8de88fd4a880ede6117981b8139
- SHA256
  
  92c6dfa26a49ba334778a928b6f0a39b46d123a87a47e6f713d82b9d14f139f8
- SHA512
  
  febdebc98eb9c0d08a6c59fb7fce48e47dbb8a348203f2ead5f27d19deaf1e1bd337adce68a127bfb5bf322847b70351c65e82669ee4bc3fdf6211faf9154485
- SSDEEP
  
  6144:3CnpCPZNM9ouEX6zWiUvt61g+C88XQ5SGA+:3CV9BEqzZUvtL+rX5S3
Score

1^/10
behavioral10 behavioral9
- Target
  
  MirServer/Mir200/IPLocal.dll
- Size
  
  167KB
- MD5
  
  bbf62130e7a5966a2b7b89411ad335c8
- SHA1
  
  9f6a0af9525cc6b6df479d3d511e06200571c1b5
- SHA256
  
  da61a728a96293d8d99db31d3843a68c3788fca93f630219adfab0e0132dde44
- SHA512
  
  52baf478f0dab1bb13e03b6ae47ea48b0cc329a35569cd78473e8c5eeefe0d6474b7ad720cbf90664fd140c9c76dcfdd92bcddee11c8b9c2488b5c114d7babf2
- SSDEEP
  
  3072:vqu/oVRpW3b2OQLOhRy7kCmRHnhAQPukkGfeDN/z2HS79BKyJcC:v1o3Ab2VLOhAehhN9vexb2HS79gyK
Score

1^/10
behavioral11 behavioral12
- Target
  
  MirServer/Mir200/M2Server.exe
- Size
  
  1.1MB
- MD5
  
  d195231bd76fae92717f768c8ce955a3
- SHA1
  
  27343d2ca343cc20b9cc50682cd62c9565924773
- SHA256
  
  16528c7c0a449d3dc3c569ae412886e579b8efe6ce4a27665175b113675f0a79
- SHA512
  
  3713df142b4cd2d53a80f91e79c5fd1d484e898d37855b47153c5e881eb18149e11c0fb1398b868f0ce5c45baabdc4694d16d6316a0f5d437b0ee20e817b9972
- SSDEEP
  
  24576:uvf+2nh9rbWn/L9re8IuRRxnPFfSyvsShagqNVYWtyH5n+:u3lwBrlIuRFlv3lgTIn+
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral13 behavioral14
- Target
  
  MirServer/Readme-说明.htm
- Size
  
  2KB
- MD5
  
  1a919a1a4999d56a1defb343667aac28
- SHA1
  
  f56134f9bc67aeb242ca6c19bae4c347ed1a9206
- SHA256
  
  faf1518bba5019df39d5337577be9fabee9055d7fcd1ea252da60cea3b7d4f9d
- SHA512
  
  c51893606073f3e767af9e271b43a2090e88dfcea367a1ec28deb7a0940767bde14fdedfcb2338af409c847622d06685807e4bb5c64899cc9618d5f2e8c98d92
Score

1^/10
behavioral15 behavioral16
- Target
  
  MirServer/RunGate/RunGate.exe
- Size
  
  735KB
- MD5
  
  849710c7e376436435023d82fe45fa42
- SHA1
  
  60876119ab8a011378443515d4e4f74a057b1806
- SHA256
  
  41d16008ea64c13e737d734d2e091653ca5cd4ac42516a061dbdf32309d29220
- SHA512
  
  1264fcac963268638e53b27c695b31466d8f30ae52c66e5e2379f458c26d25971b0061ca2f2d9c0be532c7a5d5e5f43f98d9fb1e8659c87625b20f000131f7ef
- SSDEEP
  
  12288:Ie6Zh57bNM+BKQ3BrbuE9mU0ZmRE/1XK4ybr0yV:f63k+BPveUE+EtLer3V
Score

1^/10
behavioral17 behavioral18
- Target
  
  MirServer/SelGate/SelGate.exe
- Size
  
  218KB
- MD5
  
  39b168c63ff9ff7c7c038764408f0ed5
- SHA1
  
  9505ec9a042d613977c13aafc393699bae3723b5
- SHA256
  
  3def74e6ad351b323f45d426810453da6cd2f3a62e357662e4bdf0f7e8e4347a
- SHA512
  
  12442affa0cac2576dc2cd3132087cf92c53db927d10b2aeda86db8325b6251c9a2a6e02e1f38b488d6f3fa21bdd3ae6ce348f9bb09501b9a89e5e7730f15e41
- SSDEEP
  
  6144:omX8IUzaCM2XUImekpnQGgTICzHgaKcxhxOdpF:ZX8IkMxvek9QGgIMHgaKcF4
Score

1^/10
behavioral19 behavioral20
- Target
  
  MirServer/上万免费版本下载基地.url
- Size
  
  185B
- MD5
  
  43e34354e7bec58e764d4c5750c9e149
- SHA1
  
  14ba4e002749cfa3f45382f30430626a588d0bae
- SHA256
  
  cbb1360827e66a21340959a77bd7bb102d8aa534a29dca8943bf9e004facd62f
- SHA512
  
  90df576020c6dfc578a50274cc062ccf074f5b5619a80be9a07fd3021fb7258ca04cc1e9c8bd2c1b1cbbe1a49d0bc441ea4330b9cfd72455f3ec5a3b7064571e
Score

1^/10
behavioral21 behavioral22
- Target
  
  MirServer/中国GM资源基地.url
- Size
  
  306B
- MD5
  
  db4cd138e0eb7ddda9b28334c2e5774b
- SHA1
  
  5e3b9479b2d7f50a7a182bf54297d858f36b9e9e
- SHA256
  
  1902fb5b26337e41bfdddd3498c4109d6e06375554b6fcbdf17ff163f90d33c4
- SHA512
  
  368e7809ac6e6590a11985120427f6a04d4c235ce98bd288037499cec6a5216509ae5a06f37ec69030b2d7a300bc1d3fa62fe56440094761ca89dfdc0603adaa
Score

1^/10
behavioral23 behavioral24
- Target
  
  MirServer/传奇服务端下载站.url
- Size
  
  306B
- MD5
  
  c71d32032df2b478d1e74cdbe7133b4c
- SHA1
  
  fe5730335c1095815d3eb35eeaee99630598eb4c
- SHA256
  
  93ff64348507f5ae2f1857a4765b79be16a73b5245498bd48dc81b52d8e21258
- SHA512
  
  a30f1816034eba1c45547dd14470f90ce41a7c14194d09cf7b4c10692f203cb2f86c94668ceddabf4285fdd3d188fa9e37b2b1e367d3cdb40f3ae77b86cde5e4
Score

1^/10
behavioral25 behavioral26
- Target
  
  MirServer/完整商业版本下载.url
- Size
  
  185B
- MD5
  
  990e7f720f625ae182cb48d4c790f5c5
- SHA1
  
  20275af8fe8242c1856a0da4f6c21e669fb48d4e
- SHA256
  
  3edc22d7e368882873840eefbc3d9de30077c3815f457501c74d3936152256ee
- SHA512
  
  edde510b409ab8ab43cd0ef119965970ef73bca33c08d84a78fe504af58b8d8b695deb72ccfd658771ac1c0fbc48eb91608ce185eaa9b7795bf58a7d3b3fffd2
Score

1^/10
behavioral27 behavioral28
- Target
  
  GameLogin.exe
- Size
  
  2.6MB
- MD5
  
  a4b1782cb5b0ca57eaf61f155325cce2
- SHA1
  
  fd51544776495edc72a3ab2fca4c12651cce9492
- SHA256
  
  26adc592bde17f5a04f6c249843e2ea5f3aa084f40f65e8492f2fb200ee2b093
- SHA512
  
  dfe22e9b59065f18d5874032d9a31212efc6f38b46ecea3703d402569e3e8bdc0832bfc80c3a3f1a0e2625e8a3c710b829e1136902ae47f7021df8bd879be499
- SSDEEP
  
  49152:7hOUzC1ADih/xH3Pz6rOVa2HNO7yslNivNQoG3Fr8J9+tp9wo2:7hdzCuij3qITHQmgivNUuJap9g
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral29 behavioral30
- Target
  
  MirServer/王曙影视,最新电影,电视剧,百度影音.url
- Size
  
  160B
- MD5
  
  caa45e9b7ebc6c70c6fe58f554f7bd14
- SHA1
  
  a43d7411c2d0cc06613a20e0cfe5ca0fd4025202
- SHA256
  
  780d5dd21eed836df9e9eb9ba9ab715ac68e10bce71ab5d29d54e6def8b92b55
- SHA512
  
  449e3c0c7b8f66829f334e29bd1eb6ccbce562f99439496a4fb13d77a45da4d91851fa272c6d723b7281175b665e3858ca5a6d0df36359d86bf789f4daefaa52
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Writes to the Master Boot Record (MBR)

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32