01326bbceb202db96e9db12fb200f0336536968f29581641487ada485d0ccb99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04a9d80bf3fc6006656c1ea8fa8b240f
Size

2.3MB
Sample

231229-1h7hvsadb9
MD5

04a9d80bf3fc6006656c1ea8fa8b240f
SHA1

2f990102408545e0f7ef92a620f414b8ff24bc47
SHA256

01326bbceb202db96e9db12fb200f0336536968f29581641487ada485d0ccb99
SHA512

1c7f9bd0db5b16e274413cc9e389c698906b7f4e2b09801c8537e42efcd4fdcc505a344f274be9246ee4e849870f30b11663df316ed92a04d9444864fad8d7a9
SSDEEP

49152:be1g/eboqTbTstCCCum2aa0mYXYeVaSaYNuJvi5dvc9nggl:begmboUstCYADkJimgu

Score

8^/10

persistence upx

Malware Config

Targets

- Target
  
  QQ聊天记录终结者.exe
- Size
  
  1.8MB
- MD5
  
  a47d1facf43d7728428fe5d6e8ce087e
- SHA1
  
  7ccd32da4fbc364df93640d82ded99b522c8a05d
- SHA256
  
  27639c7ee786a3f2b682cf6802951b9ab1d6fa2d091046a4a46c4a194fc29c81
- SHA512
  
  374513a4a2b3fb74e275cb3cd5b8db7843d9bd3f91b8d725e229a8f91ba83938963b1738a33dabaa1971cca95e7b469d842860aa61dd9dfc52da4da2bf573ace
- SSDEEP
  
  49152:59Qok1X1PtP2qJaHWebJkxuomxNoAavwCrbnj7N:XQoSF3IWebKxuomxNdCrbX
Score

8^/10

persistence upx
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  卸载.exe
- Size
  
  137KB
- MD5
  
  2de49a9d0307ab425ebd6944d4655b12
- SHA1
  
  2465ebf5996cef692d660a05c3a1063289eb6048
- SHA256
  
  c255c3f095bf5e03bf5a1c462681b855aadfe642d6d805018aced09ee26f7991
- SHA512
  
  f4319072192b84fb7b14830076494804f7e449ee560b853ba0d2b637257c3c09b550892ed5d60dca3f109e1ec36130b4ce949614c93e5794b688a161e0bd00c6
- SSDEEP
  
  1536:NNPqNourLUzU8ElMcV6jr7UD5zYGJu90y9Vu+NgL7aMxG/+K:zcRPUzOj6jr7WJu9rk+aL7W2K
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  在线升级.exe
- Size
  
  550KB
- MD5
  
  564eab426d90dfc5d776ac258f1d4534
- SHA1
  
  6195ec266f14c5cdd11f3289a8f6aac626c59190
- SHA256
  
  6a9b6bb193357b7f4dcd20affd9c90db36728a95836133bd1d6bd0d7ff7ac20e
- SHA512
  
  227d0e2284af58ea6aee81d6d9902bfa11b53955cd834d4207e49335257c6127566546b142af7a8404367d456c5f62c1e557bc87cb77e00969dc988aa6193dc4
- SSDEEP
  
  12288:snirYRmZa/kCdlGxlizlnhjKRK08vvgex:jYn/tGxozNTrvvg
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  在线帮助.htm
- Size
  
  253B
- MD5
  
  09ca99497be8a000113af16dfb97be11
- SHA1
  
  b541e448590c8a40a1eaf9742c1016ab20a95a58
- SHA256
  
  f40840743524ce35b679e5538c4839455f45eab9d082207c8270b98f865c179d
- SHA512
  
  50fc84db9786b8469ed14afc31497c6bc911b06d3e464ed3a216d393d9655814b416bcfcacc5e6deb40fe645b67f11c0ad23713721c91106ffe5d28be5117d2b
Score

1^/10
behavioral7 behavioral8
- Target
  
  帮助.chm
- Size
  
  155KB
- MD5
  
  a8fe4bea2f9d474d057896825a626014
- SHA1
  
  3bfbdfee2726129c5e523fbb6a2dee6d805f87a1
- SHA256
  
  04528218b608a4a6150026337aabf31e34554a30a50dfc05f3cacf646557e628
- SHA512
  
  796b670f2f1a99088a281a22b32a1f07986b6218454e7d42529125bd6d55ee983bf8cb8d7d701217be19d3c058af73c5918bf87bb91359eed24e1552d7764a36
- SSDEEP
  
  3072:7sW0e+NMCbyov1QlVTCAHkK4fM/OirnYGsTqhYV5FTsk/O4fSOE8baHm75v:7h0EoNKdCAEK4f0OikGsTRVDrO4fSOn1
Score

1^/10
behavioral10 behavioral9
- Target
  
  新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12