General
-
Target
c2e896-rrpy.rar
-
Size
26.4MB
-
Sample
240220-nj8q4aga62
-
MD5
c3ca02b2202dac89b367d798f7f268c7
-
SHA1
85870f441dbaa0a0731127ede2314bcccae10c90
-
SHA256
5936791f7b6363530211e14f8d2f1ddc828df261f5116ab39ce73c50ad90c75d
-
SHA512
43cb999ff0f8ed345d7aa96c7f47d0a17e03d63b6fb5dcbbdd017d4683fbc9b0755cb20b9ab2cc5f4888a49649fb6c8e4a7b84a8d22109eb86f8d6e3b791c944
-
SSDEEP
786432:i1at3AceQ5UHk/fTRCOMsB/KdvgrcLXreVkZzVS8aMW:i4twc75UHkTq+rQlVW
Malware Config
Targets
-
-
Target
c2e896-rrpy.rar
-
Size
26.4MB
-
MD5
c3ca02b2202dac89b367d798f7f268c7
-
SHA1
85870f441dbaa0a0731127ede2314bcccae10c90
-
SHA256
5936791f7b6363530211e14f8d2f1ddc828df261f5116ab39ce73c50ad90c75d
-
SHA512
43cb999ff0f8ed345d7aa96c7f47d0a17e03d63b6fb5dcbbdd017d4683fbc9b0755cb20b9ab2cc5f4888a49649fb6c8e4a7b84a8d22109eb86f8d6e3b791c944
-
SSDEEP
786432:i1at3AceQ5UHk/fTRCOMsB/KdvgrcLXreVkZzVS8aMW:i4twc75UHkTq+rQlVW
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
rrpy/DZSB/Add-on/DZSB/dlc.rpf
-
Size
27.6MB
-
MD5
71547aaa0a3e8efcbbda306accdd458a
-
SHA1
4ad76e8f22a38e9d45fe57334bdde04a4c4170df
-
SHA256
b7c1bc6315eeb814d77533285320aae610ab22cf2141c4e51dd5c7183545dd46
-
SHA512
bf868a9762a568c99ad7ba697c50e1c46e646094d3ead2a3135b0e63fcd7822c1b948f13ef4bd2c1241f1cf09e6a832a9530feeafc91ac387216f3ba42c3e645
-
SSDEEP
393216:04RFK0RZ6k35YrrJ8Wk1bYPfccJGCaWoNp3j+9mRz+:0UKeZ6ZvWXtUsCTo/3j+ii
Score3/10 -
-
-
Target
rrpy/DZSB/Replace/emperor.yft
-
Size
5.4MB
-
MD5
41991d306c75d67df6989acc6359c561
-
SHA1
5d667529c945bd50ae7d128af16ca01544fe565c
-
SHA256
e419b04a0b43993b36b282ddfbf6ca6c5f8903dd7d2544e4a6f0c504ab34de62
-
SHA512
aa01272e3a4af085ff325dd798f018ca306c7d373da8dc29dbf0bceb5025a549f07552bdd85dd429145e97b1b17ab5443e5569bcdeecc9ba83cb42a169fcfafb
-
SSDEEP
98304:ali4RjRKrQuwAsG2lbZskztr5nhtazreZjQvnzIJIGdp2rAOV0FEniI8WKw5eAR:x4RjRKrQK+ZZsk3htwiZjQLRrZVJ8WKs
Score3/10 -
-
-
Target
rrpy/DZSB/Replace/emperor.ytd
-
Size
2.6MB
-
MD5
0519c606e6cc72e0cbbbf3234f044c98
-
SHA1
1cf171cd4b200e6e74934ad178b51917c7e6fa66
-
SHA256
ec4d347e04c0b692a9bb0ae3467bd60612df6b8c8c1cfaeb450077f43897b04d
-
SHA512
091751c4eb37507d25f7fe4d404b92bccced7762034a7adf13dab279bfcef32f986016227bd1152fa48ad5cb9c98a32bda2f251a98785211ed2d8eef28120257
-
SSDEEP
49152:W11NOhBzVlJea6V38wGf2yPRNe8hdGBNLLXUTqKbM8ovWWq6TMieCI7IUtHC2:W11NOhBzVPf6xy/xhwnEJbM8oeq9eCZy
Score3/10 -
-
-
Target
rrpy/DZSB/Replace/emperor_hi.yft
-
Size
5.4MB
-
MD5
f344fb7f26d79ac2f346845af425f658
-
SHA1
c1afbc0ee5e86e654d76d8ee7b100d1100cbff55
-
SHA256
7a42332625607471f8957c43c172c138a139d3109260e9a88cf7c90249f4482d
-
SHA512
7f7f26ac4062344dffec2a034b24843de63ded48161a988ff8cd1c6388c19a8f3b63547d55d53acf373ab5e914eb5bd6c51abe21bdcec05c7bb2b303131aacf5
-
SSDEEP
98304:nuSlVYCNkDWfEWUVLRp3eLl+ZFQkCSOfM2ZsLi9ocQmFYKFCB6l6Hx9BWik6FGfJ:nuZCNQWcJLRp3s+ZFQyOBj9h6iAzo16E
Score3/10 -
-
-
Target
rrpy/DZSB/readme读我.txt
-
Size
1KB
-
MD5
d94d24ee08b384cea79d35c47b21dc6b
-
SHA1
b789feffd48ab7d75d845b2372078c3ac14fced8
-
SHA256
99c611f60fb1b984c03dc81c0db50bc2aadfcce9101a4722a61b2dbf4c6be103
-
SHA512
7dc7e16499929680cb98f3a88b7c99e0ccf0970fe011f26160b21c5336794a382e41abfb48967fc1d59e1750d2e32fb37044af483c07a0ddaa03fc7d7df993eb
Score1/10 -