0ba3015e77c9848439ee1fb22bdaba27caa73a624d3cc5286adad08c923dea3f

Sharing

Copy URL

Twitter E-mail

General

Target

0ba3015e77c9848439ee1fb22bdaba27caa73a624d3cc5286adad08c923dea3f
Size

14.1MB
Sample

240227-jge9jsbe47
MD5

e6a744c743b19c49a96c62dc7e9ca299
SHA1

44422f3323cfba8bf472a56df51578b4333d3716
SHA256

0ba3015e77c9848439ee1fb22bdaba27caa73a624d3cc5286adad08c923dea3f
SHA512

660c4bf2af66a95fc15537380cb644542e68defe197d8ea859a6fd528952705f70d17deb22c0276e551c86909d601a040c66da331805fae6789094a7529d9a88
SSDEEP

393216:xuRNIdr6NGKFL3v1IGrbdhBSh6y5UhlSWVKjF6J:84UNv1vJrbzBSU9CB6J

Score

7^/10

upx

Malware Config

Targets

- Target
  
  replacesetup.exe
- Size
  
  6.9MB
- MD5
  
  af534de9b548a234c27f213e5b984dc9
- SHA1
  
  a4a07ade41a6c1ccab7924147aaf19e6700f7d08
- SHA256
  
  3d8e71720ee2266b093c3f7e177953fe69f6afe4335048a0b2ec0cd92c148e78
- SHA512
  
  72692490f5e938daa4787421effd883a03eaae7281dc31a3092c99c6df01f1524ac169d5e878b213681436954177dddd34b6f99ab66b68ffbefa2986c917d7a6
- SSDEEP
  
  196608:Sv7YHNv963eFwEIDPOau9CfciTccGsCizFum+ZRx:W7gUZHOauWckccZVzP+ZRx
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  Clash Packager/简易封包工具_3.2.0.1.exe
- Size
  
  1.4MB
- MD5
  
  4b7c4479a1dc4d57be23d11b3ca2a01b
- SHA1
  
  e9e53ea73d4a0c842347e1a7c0bbe40da4e4702d
- SHA256
  
  da2cf03939dc1ce1a873b8bc08b26aa13a797245419047cfe47032346ee9eab1
- SHA512
  
  412d94582b0a6984b8db5262f31d7f4112e73e21a7077707ff319e5e9f7aec7f70698a9e3cb52d5297d9d98e07da7782cac727b75411e9b5bfe982b45fee1c09
- SSDEEP
  
  24576:gBXu9HGaVHErIJt/gxC6UQcCEX8a5DJ0mjP5eJms18haH4dEEMO9xLYd:gw9VHxJt4o6UQcCDadJFgfOhg4MOnL
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral3 behavioral4
- Target
  
  Sinicization/npp.8.1.4.Installer.exe
- Size
  
  3.9MB
- MD5
  
  fe4f6dee19b89d2ac0f93aaa31dac028
- SHA1
  
  093921c8dbf15164b7ff5a132bffc89a121cbe82
- SHA256
  
  eadefd67e95bef200b2506caf8b3c82e0ea6c3cf895936614ba442989a08db4e
- SHA512
  
  6e5ad31999bc752fea28a56375d34f8112fbc299a4162d3af7350652128c908f2a1b5404587208db382913a52ef2005371af7f7526ffa452461162aab3300165
- SSDEEP
  
  98304:UvIcasb3kdMpt3jgZzULj0hPz5jnMcjc3Dx3:UwcDbUdEj10hPBMcjg3
Score

7^/10
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  05bf02da51e717f79f6b5cbea7bc0710
- SHA1
  
  07471a64ef4dba9dc19ce68ae6cce683af7df86d
- SHA256
  
  ca092ba7f275b0c9000098cdd1a9876fe8dc050fcb40a0e8a1ab8335236e9dc5
- SHA512
  
  c09e475babd5eb675cdf903b2b754b8b68450a731cb520f3dcbf9abe0ed03d19256f009429977d3a51decb3a2a938be0b28dbafeb407409fa85e54da6dbaaad6
- SSDEEP
  
  384:ESC43tPegZ3eBaRwCPOYY7nNYXCv/Yosa:EbTgZ3eBTCmrnNAx
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  466179e1c8ee8a1ff5e4427dbb6c4a01
- SHA1
  
  eb607467009074278e4bd50c7eab400e95ae48f7
- SHA256
  
  1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172
- SHA512
  
  7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817
- SSDEEP
  
  192:olsHeylO012En8pqHtcE0PuAgkOyvIFc:oATI0d8pUP0WAgkBvIFc
Score

3^/10
behavioral11 behavioral12
- Target
  
  asar/linux安装asar文件解压打包组件.docx
- Size
  
  16KB
- MD5
  
  973a163e8cb4d6c4da477dd6e6b78063
- SHA1
  
  c25cdc29859d0131971c5122bc5de1ff6b64e5f6
- SHA256
  
  e58679811fe06fd16642942a8f61b77eb8c5f3efcee7396ec5e41b77da46d7dd
- SHA512
  
  c897f7bd124053118063d8a28a71b2ee2e4245d9726d63176541921eb415a9dfecda195260d11b2f4cf91fab428a97faa62cbd347c1dff82dc012c3739f19743
- SSDEEP
  
  192:jhvAkoUR7fznSqqi6+zxFgbET6sjbnlJ1jtyQDubjya4LOrgDBIwMIT1TkRiW:d7bRnnzqi6q2oTjjlwQDubmxqgFSpRiW
Score

4^/10
behavioral13 behavioral14
- Target
  
  Clash-for-Windows_Chinese-main/chinese_file/Manual-Chinese/renderer
- Size
  
  26KB
- MD5
  
  ba6935c6d992b71accd5467a09ee7bb3
- SHA1
  
  f7a75bacd8600f7cee0a93dc1742eddf22a3bec1
- SHA256
  
  cfd0e485438de4cf06d97f3d024847d590b7fd09875ab5bffd7f8051ba0bb86f
- SHA512
  
  0828f95465e773907f38ecb6b071c3520b6ea43553418e297124d68663b590325222f499260813dbd2417eebcf72c0a9681c0336a412f699ddf7e9aaf4cddcb5
- SSDEEP
  
  384:aQxCrmDU45B9dwEwVjEqXZvEZjoor4ubFKvqGX3fj+pK0W/Lth/EcuaBD/B9ZVlG:LxvBFdINYj/k6whjf/EcnB99n3A
Score

1^/10
behavioral15 behavioral16
- Target
  
  Clash-for-Windows_Chinese-main/chinese_file/Sinicization_files/main.js
- Size
  
  39KB
- MD5
  
  03d5c3aa4493b8d14259fb486e133560
- SHA1
  
  1a8574050743e87058ab3b06de7bef4cc45d568c
- SHA256
  
  1bbb65a35b2eab09eff3b01aaa278403313abf008367b94b19ba311ae03abc0a
- SHA512
  
  460d6d11927358ad0525a56bbee1f8de35a23baf64c64c9ab63654c25c0459ed6d0b3dba1a789d940d8010007b0d2347a2342de753f0c40daf66e7404baa1c18
- SSDEEP
  
  768:O08bLQmxlKVSuXu6arHWzX7rKWYxq1gQa4NWXBg:O08bLQLVndX7rKWYxLj4D
Score

1^/10
behavioral17 behavioral18
- Target
  
  Clash-for-Windows_Chinese-main/chinese_file/Sinicization_files/renderer.js
- Size
  
  3.7MB
- MD5
  
  bf7483c43246bd05bd03f58a38aa894a
- SHA1
  
  e05c3e576c4de9a9a06a8b20921970b2df5280af
- SHA256
  
  b4990b17edd05f87cf784aeebdc35e72d02816cc9b2b81dac78c8096135bc4f2
- SHA512
  
  430bb90a796d2d8eea16eda362436a9b4d950e65df641236af445a3bf297220c3744ecd6baaf24f6b6c166ecdcbd9ba228dab0fb019e72b948c0f5cdc648c38c
- SSDEEP
  
  49152:6E5SRqCXYkFZr9YBW4fVy/d4SH7h337aMmOrvTL34K2OzZX2ZpqcRjGldKWkW+bH:3
Score

1^/10
behavioral19 behavioral20
- Target
  
  简易封包工具_3.2.0.1.exe
- Size
  
  1.4MB
- MD5
  
  4b7c4479a1dc4d57be23d11b3ca2a01b
- SHA1
  
  e9e53ea73d4a0c842347e1a7c0bbe40da4e4702d
- SHA256
  
  da2cf03939dc1ce1a873b8bc08b26aa13a797245419047cfe47032346ee9eab1
- SHA512
  
  412d94582b0a6984b8db5262f31d7f4112e73e21a7077707ff319e5e9f7aec7f70698a9e3cb52d5297d9d98e07da7782cac727b75411e9b5bfe982b45fee1c09
- SSDEEP
  
  24576:gBXu9HGaVHErIJt/gxC6UQcCEX8a5DJ0mjP5eJms18haH4dEEMO9xLYd:gw9VHxJt4o6UQcCDadJFgfOhg4MOnL
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

UPX packed file

AutoIT Executable

Loads dropped DLL

UPX packed file

AutoIT Executable

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22