46d50a60519be7018ff2596532d29d16a9a926bc85e6c0f03cd16e77d18bb579 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26887e05fe738301d386543f4c270ba4
Size

2.5MB
Sample

231231-d4qe5schb8
MD5

26887e05fe738301d386543f4c270ba4
SHA1

a2f530a0061a022b73ec1a8a9ae7994fc7864145
SHA256

46d50a60519be7018ff2596532d29d16a9a926bc85e6c0f03cd16e77d18bb579
SHA512

e54f8a735e53aca6e03465bb298a2f2b7abd3686ad27f8f5ca4fef4eaf789f5576b195febc3cf3af75eaf672b88fd265c8dfa3a4b451f8e3454acb8a96592abb
SSDEEP

49152:sEfSNWlOT5WX/qZR6JQhAaXkbmVCxVgRgp6RjxdRRENFqGrkFC/oS:VSNWhXiZo1aUKVCxppu7INFqG2CAS

Score

7^/10

upx

Malware Config

Targets

- Target
  
  PhotoDream_ha/@收藏！.cmd.lnk
- Size
  
  555B
- MD5
  
  ec8bc2f5b4b50b2b334692094710374f
- SHA1
  
  477a969d60f6985e3454b2e8e20df9b251611a9b
- SHA256
  
  8cf8cb815e1742f9b656f40937fa93c69986ac83f5b294f040f45109b758f5ed
- SHA512
  
  424c1cac086d8b4fe4270f948a41d7aef4b7522e9d94cd8ca7971b8e1644a0d301ad437ee3357dff402364dd974122cad956e9ded12abbe59da51881d9e00fb8
Score

3^/10
behavioral1 behavioral2
- Target
  
  PhotoDream_ha/Help.CHM
- Size
  
  161KB
- MD5
  
  7fc0082e3a17ff92bd3601a9c54f2f54
- SHA1
  
  6c5deddde9f456142d1189a510e84b0fe7ffcb21
- SHA256
  
  07be237198f24e3608aecbcff517354d77afb8b356cd92db239ef90701be815b
- SHA512
  
  056cdaf1c87006d064d0f7d8acec64bf155e159d7ff15f59b15cae656861d3bbe42dca36055042da22ccb9d59faaf51449d9dffcd67757ac40fd5851f3760178
- SSDEEP
  
  3072:jc/JAKHa1HHL5sGwIZQrv7O9iHYUXImfwSdw3coWpEhKsX:juJAKHa5La7IgvCAHIXSdw3coW2hKC
Score

1^/10
behavioral3 behavioral4
- Target
  
  PhotoDream_ha/appface.dll
- Size
  
  241KB
- MD5
  
  f9c75320e630180b0b1e6a99a1becfc6
- SHA1
  
  a99b4db04c203d729367604107a283517d187c0e
- SHA256
  
  54a4e158f1d8d086a21ebcff9c6c65f0df228cbd5b15642b648e3679687079ea
- SHA512
  
  99eac7190483f294079faca045eda96ebb03f37a1b44817b1800e55d29bd8efa473318c56174c08dfa825bf5633ae0cccd2b7cdbc3f61bfb65cfa9ec1a480b86
- SSDEEP
  
  6144:RAH2TxJdhqagEzOEwt7oKudfFUmArmfhfsUrKE2rq/vrIuUq:O2dIag8KpsS6NsjEWqHrNUq
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  PhotoDream_ha/iis.dll
- Size
  
  632KB
- MD5
  
  f4762a97b2bd3e230a5d8b983c782062
- SHA1
  
  1e9e5f407b1d9fbd32c6f041361a5fe614596ffe
- SHA256
  
  6a11179466216788d6b290d9eed9ab158b1e27259f8885ec073cd325c5271467
- SHA512
  
  e07d3097b7db58d9caad1962e0382729e66cb8cae23ea86993229968b67419b6de5f4041e0afc93f8962bb702d15e207c17262b1986b6473165c335f57dc7730
- SSDEEP
  
  12288:NEGCZ7+MPnGWKilkJXaicUxflPqMD8ZfCTIbHxc:3jMfRIAXQPqMofC+
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral7 behavioral8
- Target
  
  PhotoDream_ha/sample/sample.html
- Size
  
  5KB
- MD5
  
  215be643e7d7bedf18bbdcbd6226152b
- SHA1
  
  9f7b5ec98cb21140914ede3e18f3de1ab7b7249c
- SHA256
  
  29268da4a4f88dac6383cb9367dad4bd903c2c5b1cb936c96bfe311b16855059
- SHA512
  
  9fdd7a47b46109bed0ce7582ec3212e997848e0c880f83ab81013f1c71af7f787883df9a2c593c0413dea733ab57357bbaf38d5f9f01e8d1e3115873112773ff
- SSDEEP
  
  96:PbIIThmSqRQ3vJ5ZGgfSIACJMuU2ibAjrwT3kHVQzebVyfuVG9WavAAj7KBd4zye:U4hmSqRQ3vJ5ZGgfSfCJfpibAjrwT3kw
Score

1^/10
behavioral10 behavioral9
- Target
  
  PhotoDream_ha/soft2cn汉化说明.exe
- Size
  
  54KB
- MD5
  
  0e20586b905b850708460e80873c7e4e
- SHA1
  
  2b13992717e9b3400c0c87870b4f2e6ca394924a
- SHA256
  
  93d5156ad09a531677644dd410dd5fa33447384518f7059da87bab2d67bfb945
- SHA512
  
  0d0495124af1b6ac21512856e0d787305be506852237a0a4e378fea459ccfff737e65e5f0eb7e7a92bbc91aeac255944aad7515a1a88c4059c806b8789a1a72f
- SSDEEP
  
  1536:5q27JMs7TOIOgEXFGJC8UBhEwaLiZr+xfV:5q27JtTOIOo5UA5iZKxfV
Score

1^/10
behavioral11 behavioral12
- Target
  
  PhotoDream_ha/智库绿化程序.exe
- Size
  
  20KB
- MD5
  
  95f71afe64e5e2ea9e61ed24a4b14e32
- SHA1
  
  f593929badcd4fa58df3b68948525b002da2e521
- SHA256
  
  4f0f8d8b6c100a53ae186c6b81bd2fa555a349cff83a903489ed777e974d9fcc
- SHA512
  
  71c2b5aef03a8c11087b360dfe51479fd2192074177064666635b0b9cc15dfd4a9bd4952e2b034965e0ac796a16d3139dab6f6fdf1165a06e347c6840569812a
- SSDEEP
  
  96:e56yeg8yKwrt0xJEZHcDeS//PeNjzdWu3+77DuEC44Z2CPLEFAxJGyKwrt:qikLeEKDeSPeNjzM2ECp2pCtL
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14