25a1ed638307b5c361a117048961fffb5533a2925553a2cb44ae61fc5389c23e | Triage

Sharing

General

Target

0e295b3c69a6d5cb87154b6a6451476e
Size

1.8MB
Sample

231230-ewd8ksdgg2
MD5

0e295b3c69a6d5cb87154b6a6451476e
SHA1

1e529b5b9f1f9a03055dc0fa60bafe1f33cb2212
SHA256

25a1ed638307b5c361a117048961fffb5533a2925553a2cb44ae61fc5389c23e
SHA512

c96272cdf46f25fc448cfa82ed58216450231abb5587a61742124477f195ed60b8b4e4a0f97809fc1226ac34e13de6e21e586f75eee6f1f90a3e8294457d04e1
SSDEEP

49152:E8cn66NYhXWSiMJI97u0WXccyoo9CtiBNRK5lH:dcvNYNjiII97ujccyYtiJK/

Score

7^/10

spyware stealer upx

Malware Config

Targets

- Target
  
  10.exe
- Size
  
  23KB
- MD5
  
  7d37085597cbb581e7f16f3ce86704f7
- SHA1
  
  7d2105b07c191eb59aeb9b79d1381eeebb5da634
- SHA256
  
  2fec88c49d917361318ba9b844ed2ef24e9bfef5522308b2438dc4b5e36f1253
- SHA512
  
  2aaf2cccf09a47a872f0373a8bb48e9d694192238ac26a5df22e4cc41c0ee2246748ccfa5577ee387700131f497bceb7729dc6b927695501344fb9b87a7963ca
- SSDEEP
  
  384:FwA6K73YQaBM5oFIyduoqCG1L4gzjAzk6KuJrGSE5p7Hlv:FamIQaBioFIauoqCWQvBE5pzlv
Score

3^/10
behavioral1 behavioral2
- Target
  
  12DNF小马.exe
- Size
  
  18KB
- MD5
  
  e076485da1aef93f3621aa6b7c05ba73
- SHA1
  
  3653395ed051c2524a057ddd3803a673d4ba722e
- SHA256
  
  7af91034be743da9149c18584ffeb71cb0db100a15739f6169a5b29755a25092
- SHA512
  
  fdce6b959d1fd8a1e61379b25d57f0b09c67ba274c9634a301fddefe1cc45ec1eb1b6c158afb37ee8c4e5ecbae14c5c59518dad65210807397c2118c214acc86
- SSDEEP
  
  384:IkJcqs0mP5C3SyeTfyEdftyVVhxY+uuyhGy1KSYz:lLhopTfyEBaHxY+uuFVz
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  521DNF-HA(新).exe
- Size
  
  1.6MB
- MD5
  
  357e8713bd71c96409b70945507128f2
- SHA1
  
  e382581e46e170882d31a2694954f240ba50253b
- SHA256
  
  dd0341125e111d1182ba1fba5c034f5b2423458bdf211d1081d541acd1d6d4ff
- SHA512
  
  2619274bc024eb7f6ddf0bc75a420ef794c37b187833234dd8af8faaec4b1948a0e795997195202463bdd0130432535676b0b1ed193b7e7156d91d16196ee6e3
- SSDEEP
  
  49152:kpJOdoMhVXqOB1evpleM0r/pi0oK506SW:AUHDDvevCMGoU6W
Score

3^/10
behavioral5 behavioral6
- Target
  
  DNF掉线数据清理1.3版.bat
- Size
  
  748B
- MD5
  
  d47c0286cfb16c38bfbb8f82c3381fcb
- SHA1
  
  81333cff6cf331214413c6b6134ff3a4da353acf
- SHA256
  
  292218fbd6ef7bb751ddcba193f629b3268d046ee2e79182f1da64fc1dbbb5b6
- SHA512
  
  0646d9cc45c7ca596e3d2758e88002fa661a6a6c4bf07db2dbe9c4325eb9de3dad21c49b1ab37ac73a9cb8908e6cc5b761599f589ac1d36513a447b967471f20
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral7 behavioral8
- Target
  
  冒火.dll
- Size
  
  112KB
- MD5
  
  9ae2099c3940fa5a0a48c3869257dffa
- SHA1
  
  60baa2301763bf6887296bfd5ef461bc1a183aae
- SHA256
  
  e24c82390b05446efe5d82bd5392c6d6d207efc44f6e0c870117a5f1720b181a
- SHA512
  
  f4c1e7cbfe0932e0e0c99eecb827c82c144cd7514ac563f517b2ede3d0c25c2b194adf4ea1105cc4873a20e6bfad81d32ccd913d2ea5c1b3f1298503457d4262
- SSDEEP
  
  1536:vOPM3eJ3KYc4xMAzUVQlrRrzPiQN+2gkldlaR6c3OEz5Wro936dbWWwsbPlmGIbq:WP7J6YV4YlPi1cxI5WrYmhI5antout
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  查看最新代码.url
- Size
  
  96B
- MD5
  
  63e27ae20ad17f5ea44cac5b182788be
- SHA1
  
  26ddf3def306a9d9f79c6906ca69f42d91570709
- SHA256
  
  b83b5e37b0ee8d6110c7a304c1296873c9541ce0c6a5c09034c97d9be1293b3f
- SHA512
  
  130384899877cf708479ed6324b8a6c1a8eccce631995ee558459da009eed0866561f7fd03df03f68a1e26c2196b76efb8595deb49d9c3885a0ffd48e3aed5c2
Score

1^/10
behavioral11 behavioral12
- Target
  
  觉醒.dll
- Size
  
  112KB
- MD5
  
  cee8a9f36b32a0429e0c5bbbfaa0a62d
- SHA1
  
  e67d6847b1f021bc1fd3b7af50812b68f09ce3e2
- SHA256
  
  cad8564c059307359d0d6e43cadca1246d9637ce8412239c4b4da4e734d3d676
- SHA512
  
  bb6a7b7de0ea982d2cfef0866891483c316b66698b175bdebafe6a9b28bd490c9c6c0471ad5390a7278fe0dd98f6a3936f881122b72889b4eababfb3f6649efc
- SSDEEP
  
  1536:FhR3GCq9YNyGUTbVOgVij9GcaE1+33R0sR3hOlL4lqNgDl4Z+Dz3LLnq9e4nouy8:jQCq9YNb4ij9GjEo6AOOme8Inq9fout
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  风暴.dll
- Size
  
  112KB
- MD5
  
  fc6abe71583729f07a5ef6ff9cb04b6c
- SHA1
  
  dcd8001a3beb19cee3b952462b3c2975c2caf172
- SHA256
  
  0ddd12750d0614132c5665305eb0c6333239b8af63034091c6bf2364e170c9d0
- SHA512
  
  0281e195f1fc96588a7f9acf7c1bae8af372362eed12c9d7ff441e96f5c5f245206ed43321dcaaf71303b40e25a069a60fa4b4d1000680e8b5c129f77d5b8160
- SSDEEP
  
  3072:bjMom/EgVokvF1IfMDtEoUHgGSVYRlout:XMdcgV1vPoMDtEj9SkoS
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16