2d20d733d9d4f65d0f2bd09edbc294e20736b6e877439f836061d191785cbd1d

Sharing

Copy URL

Twitter E-mail

General

Target

4afd2143de2a4949288f40429040d016
Size

2.3MB
Sample

231226-cds8nsfdf8
MD5

4afd2143de2a4949288f40429040d016
SHA1

d1651ecec8a829153dc6c35850227dd71a9a7f99
SHA256

2d20d733d9d4f65d0f2bd09edbc294e20736b6e877439f836061d191785cbd1d
SHA512

2a87a4568308433c8b6f26e060d8143b24d863c04615064acd4cdcd5f08c9a86336fc1cf88ac030b9580e42716ce805e77c2412da4ac45d27e7055af7ec0e2a8
SSDEEP

49152:5iwUrb8N5mmnTaG1AfV58TSlUkcnyoBs+H/JpIIrXgF/hwsX/de:IrJMTa35h6yIf/FrXshwsw

Score

7^/10

Malware Config

Targets

- Target
  
  ButterFly BotByZeRo/Butterfly Wizard High.exe
- Size
  
  1.3MB
- MD5
  
  1c06e24dc17612c64638ecc9439ff588
- SHA1
  
  b8c3cb71634fd420ebf8fd332973c3fbc9fde419
- SHA256
  
  cc4deffa08046a112e2c5561ffef6956fa32adf74e9a02815da6a180edefa8b1
- SHA512
  
  7ee58d916bf0198b64d702173081b06380dd165b4c78f6a8d348e9758c53813b2f670a0a7d9b8ffcb6ddd6a4ff29be845504ef7b3fe9b6fea10f898f6204121e
- SSDEEP
  
  24576:C/SS8OuGgzOKH8HTPWcXtwHW4l6AFA7JAJ:C6CgzCzpXuDUAFA7JAJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  ButterFly BotByZeRo/QQdaili_2.1.exe
- Size
  
  993KB
- MD5
  
  4aa584c685babfb5932b9c3e710c61ff
- SHA1
  
  ce376dad1412e4029a07727726a69d01525c11ea
- SHA256
  
  459fefdecc9d991ce2a0feca8908315c2bcb3abf78cb2309ccb08ab2d28567cc
- SHA512
  
  f8ef831e4411aacee3728346787168a04c76d66e1490a937829f231ce040632b0b41f63abf0bdba95a5ad1bbabf23043e77d44b460de4c4cb332c76df56789e9
- SSDEEP
  
  24576:ZI39djR0P6GMaYctGUlQ+lZhxZAE2HCLULVpIAYfU:Z6dIMa2UzZhxKCLQpIzU
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  ButterFly BotByZeRo/QQdaili_2.1/gamelsp.dll
- Size
  
  100KB
- MD5
  
  427b8ec85ca6634d5e0e5e307c44aec3
- SHA1
  
  58ad5065110b3086b6cce10f25826cc6ff3e0f12
- SHA256
  
  b85967d9d5523fe64be88e6ae1a9c0e516dcccaafa88797b58e1d8ee7a80321c
- SHA512
  
  0a86ff9b8028d95fed54703c23edd5e709665f207854d1e09035d095dbcb92df489b96d949dce11e6ed965b3b8c474ada568709e893653672d04bf61226df891
- SSDEEP
  
  1536:jQzRGEEg4DFDKSPqpuHttxtcPRQ3OwPd03qBS+mtF3thJV:jQzggYHPfHsF3qE+mtFdhJ
Score

3^/10
behavioral5 behavioral6
- Target
  
  ButterFly BotByZeRo/QQdaili_2.1/gameppp.dll
- Size
  
  100KB
- MD5
  
  2ec3b6f1997a2964643b93901b2326b9
- SHA1
  
  8199d049ffb46d56d9a9381ed3539926940aa3b2
- SHA256
  
  cff7273714dfc7480404b1ef408ce5d8cf9fd7a5963d5bfbe0a28566fe40c292
- SHA512
  
  f87a2045e9906d6c71b3511077d4910acbd6c80892a0cbc7692665240462dda6e759cd38d5f3f0151867241a43eb1da3c27a9016d9dc333df94b0203d9b6b241
- SSDEEP
  
  1536:ART9in0VNA4qHF+TjzWm9TMxvP/7a7itwTD3:2ByrHFketwTz
Score

3^/10
behavioral7 behavioral8
- Target
  
  ButterFly BotByZeRo/QQdaili_2.1/gametcp.dll
- Size
  
  1KB
- MD5
  
  94090a29b65e9b797672c3b5b96eb6bd
- SHA1
  
  0b334327073a1fd69b23baf9364ca2906070caa5
- SHA256
  
  bc13b406a0940cd6b46b82508b2d48b81cf6d0c48ec2ba092a8d49b3ceb03e94
- SHA512
  
  6137135330a1e5034d540572d0d383c0485fbed7b0e0b445ec246b6b1460d57d8674cb0789fb28de57dfba810df932d2abb6fef43c4fffe90815b521698483c6
Score

1^/10
behavioral10 behavioral9
- Target
  
  ButterFly BotByZeRo/QQdaili_2.1/qqdaili.exe
- Size
  
  645KB
- MD5
  
  c121238d920b2a0b28ab2ddd782a4411
- SHA1
  
  2bd613e12710fd78c974fea87288cb9f74dd995a
- SHA256
  
  1dc018e3165865a9f2e90730f1f862a50194a900e256e903516270d7f4559ad1
- SHA512
  
  0d7c994d821b6c6edff586e128f6826357418b4d9f2355c2f5d857f5798db90794cf1365c938d55ab5498ad809f46bbe51503b2d3b6404b3ad6a06edbc0ea607
- SSDEEP
  
  12288:UFMwIu/dsx5F/Tx3d/KrH94sfW5s7tIc90FMvwmb1TLpU3AGugNUw:PQsdx3d/0fqStIe0FWwmb1/PBw
Score

5^/10
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  ButterFly BotByZeRo/QQdaili_2.1/update.exe
- Size
  
  100KB
- MD5
  
  86f76ac42decadaf0a097c1bbebe99cf
- SHA1
  
  e8ab4e093f179463056c34620d5cbf88d70bd0f5
- SHA256
  
  3c624d6983fb26e1a880edbf2b5df56fb165ec6d60fd11ef0d883e3cfc43b35b
- SHA512
  
  75a9347d125133505e987087ba7a1641d48cb394a433d27095afae8c4a700a36c080abebb4038fc538beb5133b3ee682b9396bbd395a33f48827cb3e6c978154
- SSDEEP
  
  1536:JtogjoTzPgTBWkr9zkT4cIDbGLwXtLFm9NM5:3o3oTnGBwXtLFsS5
Score

1^/10
behavioral13 behavioral14
- Target
  
  ButterFly BotByZeRo/SkinH_EL.dll
- Size
  
  688KB
- MD5
  
  bd42ef63fc0f79fdaaeca95d62a96bbb
- SHA1
  
  97ca8ccb0e6f7ffeb05dc441b2427feb0b634033
- SHA256
  
  573cf4e4dfa8fe51fc8b80b79cd626cb861260d26b6e4f627841e11b4dce2f48
- SHA512
  
  431b5487003add16865538de428bf518046ee97ab6423d88f92cda4ff263f971c0cf3827049465b9288a219cc32698fd687939c7c648870dd7d8d6776735c93c
- SSDEEP
  
  12288:AuOtG9rMIfLpoTp2/WFH8bW7INLtK4dRjKCHd:9z9OIu4d1KCHd
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16