fc6d3cd59588db62afcd01140526c1b6ce6a5bf801079da62d228371457ad93f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc6d3cd59588db62afcd01140526c1b6ce6a5bf801079da62d228371457ad93f
Size

4.1MB
Sample

240103-rk974aedan
MD5

0a2458c348befdf1c48e1afc10284fb0
SHA1

bd02e945fcd56a51a815c4722f3d7736e2a6421a
SHA256

fc6d3cd59588db62afcd01140526c1b6ce6a5bf801079da62d228371457ad93f
SHA512

b89db380a4a14206b553c594b02504bb2641bdba1c5a04beaa9ad3f703ef7b1e320487381ff3e8a7b863daa822e965fd7fc7a664641c8d7bdc918730150a540c
SSDEEP

98304:4JWhVsKzxoc+Z1ACDDY6ma62TFA0/lKo9/NvvpBYCkgvGjFucefG7V:K8xopAaDY/2xAkNpmCkhsc

Score

7^/10

upx

Malware Config

Targets

- Target
  
  EV去除录屏检测工具v2.81/EV去除录屏检测工具v2.81/Main.exe
- Size
  
  1.0MB
- MD5
  
  054f6a6ca319e50c62ea5d90c732ac5c
- SHA1
  
  324cb290ead57e5a64f9d2ab9c33e07287310eba
- SHA256
  
  b54a61608248e8f567732980402abaa7ddd14974906f2a9577fa1161217c2d41
- SHA512
  
  ee5ab4be1ff07f99bc826112ff30a2edd4609e44822a96f0ca8cd7d65e1bc9f653f7da91fb88bbf6c358887f04969af2ecc8c51ab8a22703b35f4b86c4d42380
- SSDEEP
  
  24576:NI8I/lXTZdgiP/pn1d+sF6ZPh8qEuMkbLGv4ju6dDab+f0hV2g:NIfDXP/p79QZBEuM+LGvd6BiVT
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  EV去除录屏检测工具v2.81/EV去除录屏检测工具v2.81/RegDll.dll
- Size
  
  24KB
- MD5
  
  e29d9a912204844df5306ca3935b1f1c
- SHA1
  
  19ba6440827ad2ac515aeb6c8700fbb4c896e61c
- SHA256
  
  3453bb9b4550dd5a51a64c3d2d25f1b49744b05ac740c57f2dd9f89084811318
- SHA512
  
  9229d5c845eeb36cd293e8d998aca63ed14f41b43d7d11da8682ede4d24853eff19bf0801b8ab055d50c849be7cbf94b890a672d90b55eec5019cebf98925a3a
- SSDEEP
  
  96:Q+fvNT4ui9YFfZVS7pxN3LusGOKmzXyUo2SZjvnEkWRA5mJL4DwdQTDut9Zdn0K/:TcYbM1H3ysce2NEkWCG4DoQTD0d0+
Score

1^/10
behavioral3 behavioral4
- Target
  
  EV去除录屏检测工具v2.81/EV去除录屏检测工具v2.81/dm.dll
- Size
  
  3.4MB
- MD5
  
  af63816b13d8ee8f9abf27b1c4078fe0
- SHA1
  
  b939631d51fea14612fd69e0e450b69a9f57f879
- SHA256
  
  bed18ff4eca4cf4b6ac671dc8d5f027878c8a6cf6ec4d72eca0fc0f7f37e1852
- SHA512
  
  f4abc2fd960a0890e0083ab07ceb010ac6db64dea45a403b721d93f411845e37d0e4a65127aa551d4ff35ad3fcaca80f72f5b87079e0612b31ea4ef27152d7a4
- SSDEEP
  
  98304:cruA9S6lp2kysNzX4nAyyWWaao03ZaGCrhUNO9vWHyLInPPp5Sn:cruA9S6GJUXW5azAWwLLInJon
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  EV去除录屏检测工具v2.81/EV去除录屏检测工具v2.81/关闭系统杀毒.bat
- Size
  
  1KB
- MD5
  
  7901cb31a047e5882333715d239c6891
- SHA1
  
  3ca110edeefef8ff25deff6f7107208d5b5fb216
- SHA256
  
  32906fd9d02aa0bbaa29f45351f189d2581f1c843a5ded22e9e3b11eb18a6ff2
- SHA512
  
  7f23d20fe6067b502dc742c5b609b327583d17fa1c3497a820f9f49670240b98e26281d4209794013bf47aaffd7c67c5bf1527af9ddb25ac6db43bf6eb5b3bcc
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8