9f86e36984bd9998c779891a995b4a96aa01e796afafd43e68e7f5cba56d8034

Sharing

Copy URL

Twitter E-mail

General

Target

7ffb8913420ecfe98527201694da927e
Size

1.0MB
Sample

240129-q185asceer
MD5

7ffb8913420ecfe98527201694da927e
SHA1

a332e21c63d43e47a3e9e6b8a9aa7579568b3c94
SHA256

9f86e36984bd9998c779891a995b4a96aa01e796afafd43e68e7f5cba56d8034
SHA512

c8caca65566ec8f8e9dc49a8a92a3d4c3071a9e0e349fe7ae839c43b3475dc7bb93259d296b9edaaaf0a60268d64e5d1c9dfff55a9802f03b056bd36be962c2a
SSDEEP

24576:Q0OOvdV18Q2PotoVfAKqdHsLS23i0iDHvJR7wGGg:JOOvNh2PZVKdHwrkDHvJV

Score

7^/10

Malware Config

Targets

- Target
  
  7ffb8913420ecfe98527201694da927e
- Size
  
  1.0MB
- MD5
  
  7ffb8913420ecfe98527201694da927e
- SHA1
  
  a332e21c63d43e47a3e9e6b8a9aa7579568b3c94
- SHA256
  
  9f86e36984bd9998c779891a995b4a96aa01e796afafd43e68e7f5cba56d8034
- SHA512
  
  c8caca65566ec8f8e9dc49a8a92a3d4c3071a9e0e349fe7ae839c43b3475dc7bb93259d296b9edaaaf0a60268d64e5d1c9dfff55a9802f03b056bd36be962c2a
- SSDEEP
  
  24576:Q0OOvdV18Q2PotoVfAKqdHsLS23i0iDHvJR7wGGg:JOOvNh2PZVKdHwrkDHvJV
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10
behavioral7 behavioral8
- Target
  
  $R1/baidu_dizhilan.exe
- Size
  
  240KB
- MD5
  
  35c2e87d43e41a35c39a7d1da9c6236b
- SHA1
  
  b852013fea2dbef47248989cef875c70fbe74a65
- SHA256
  
  588c684fde086812b7f5bc21366907993c69cd921eb0fe9fefccfbad9e53b2e5
- SHA512
  
  87879807b10d0bb2e8ff7286a8effcb27d43d0208c00b84703d4f7138ed4ab5ac10b0e1f1d840d7e60ff9ff812eec37eabb245ecdf712af7b543807e187a8f67
- SSDEEP
  
  6144:zAPRxoNm3OsX7Q79Z9X3EkiGF+emYXUPB:oxoNf7qkidoUPB
Score

1^/10
behavioral10 behavioral9
- Target
  
  $TEMPLATES/installstat.exe
- Size
  
  44KB
- MD5
  
  7c30927884213f4fe91bbe90b591b762
- SHA1
  
  65693828963f6b6a5cbea4c9e595e06f85490f6f
- SHA256
  
  9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994
- SHA512
  
  8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab
- SSDEEP
  
  384:H+HHi0nKwn0RDbwemPK7BywsgtDgHJR0bA6VWqaCL6VuhV5bIle+vEv5aY3uBRgl:en1nKwn0ZFmKApg7AqaCL6Y16Ha5/uO
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMPLATES/statistics.dll
- Size
  
  80KB
- MD5
  
  a8454799d44910d1623ddab1e96037b0
- SHA1
  
  ac90d80758d77292519208250631eb6eac8ebea3
- SHA256
  
  266c68aa0b68afb9703ec9adc7a5e99e6ffe25e6278a99652e9782e2e3b6018d
- SHA512
  
  20e7d8192ec30dff1a301c03728f758f623eac55d927defea74836fac576d9d4e9c2ad02d6d9e48d8656bed389a40a55f1787360ac50b1ca233f98fe7b844712
- SSDEEP
  
  768:4RPywMvjUmWSa+VV21Rp0wwVSr90uG0F2Bcdznr6PYdzvn29:my1LESaC21PHwVSiXIBdzvn29
Score

1^/10
behavioral13 behavioral14
- Target
  
  KDocks.exe
- Size
  
  427KB
- MD5
  
  73231e8612e3955b328528efda1b33c8
- SHA1
  
  e6f3c4ce06365cb18141105e9c163f3d01db22c7
- SHA256
  
  ff83005725b53746345cb92ffd49a49458325e4fc757248923a034d95804759f
- SHA512
  
  597dd7c9e4576e8db7ac98c9d6c366702d1d3c4e3bf410ed7fa9015211e9610fb9627ef4820373a5101e2b8b406d477a8974beee7e102d33807cbeec15833a5f
- SSDEEP
  
  12288:ECybNrrHyjWTa2wc4TXtUkAhZgT6+DzgNw:qdrS5kGtdFG
Score

3^/10
behavioral15 behavioral16
- Target
  
  uninst.exe
- Size
  
  37KB
- MD5
  
  97569e12887176f6256e05c74b831a9f
- SHA1
  
  14d33dec5bdebc2a41541882c09c180959871c47
- SHA256
  
  853a0d3a03dec409c9303bd3c52017cb3fdf01570d802038bda28d058192edc8
- SHA512
  
  957dd5e1d034a14d7f3111386841913dfd2093bab91a103134e04b807425b967b5d7ecf36ea1097b28a7cc36eab490f83cf26b75f553aacd79bab535be6a628d
- SSDEEP
  
  768:EHJd0TpH2+bQ2dUWVX9Hfv1JMWmtLEJOyuBxG0D3mjfS3XJqTQvDXnV0:EpgpHzb9dZVX9fHMvG0D3XJG8nV0
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18