6b29defdf64b4ecd9928a84548ee10ab02dd88ac014fcf7fc277dd282acc2a7a | Triage

Sharing

General

Target

c7f7964ebacaa6400a0cc7a085415104
Size

740KB
Sample

240314-hm2jasdb4y
MD5

c7f7964ebacaa6400a0cc7a085415104
SHA1

b799e1f793ac30243a7929e2540cf82a40b22498
SHA256

6b29defdf64b4ecd9928a84548ee10ab02dd88ac014fcf7fc277dd282acc2a7a
SHA512

8775600cc5f65904479b8e2da60c980a8650d061c9361c753ad083002872cddb6968beaa76c60fc716a85323c46025b57bb0aa4c3c1727f9533e089ce793d100
SSDEEP

12288:UTJqD3mz49cpd7U8joHWzv2qXba6djtNyBigOr53S/rE/ffiQXtoj4Ng9f+Mk2S+:U4Ov7UWGWzeObZdjtMBi3ErOir4K9hC+

Score

7^/10

Malware Config

Targets

- Target
  
  cwbm/QQ超市精灵问题反馈和交流.url
- Size
  
  75B
- MD5
  
  a6f4714bfee052b5bca566acac8aa0b1
- SHA1
  
  97c23b059c9a7de0ebdba1c5d7e6c206ff84b5df
- SHA256
  
  106e7f95fb49951c0ca1fa2a1c4898f47fe1ecead173d980120b9a420a22f0b1
- SHA512
  
  2f4936d61e66f763d2a53e390590af4362b8423affa4fcddbb84e4a8fae17e3f6d1a28cd82921c95684fffe5ed3b5af97062f0d401d3603db8c221922e447310
Score

1^/10
behavioral1 behavioral2
- Target
  
  cwbm/config/QQBmUpdate.exe
- Size
  
  1.1MB
- MD5
  
  cd640264fcdaa2c6d1b85f2d25287936
- SHA1
  
  54efc60b1f4d5865febd0c8da41fb84401121b19
- SHA256
  
  e83b51d1357236c4c8cd6bcc79a0e4159185ee5b683ba62552e32112d4d5c3c7
- SHA512
  
  4dd22384ea1c42cc80da8441687a8fe4788b33d5da518af047e4c43aea1576564b01ddf1911d286e4edec7dbabc7e5024b8131473d92357b92436c33a2852495
- SSDEEP
  
  24576:TTn+uC+5a72BAOJmJo7us4ovx/j0sWmAj1y1BCTXy:fnJNp17usR7K1XTC
Score

1^/10
behavioral3 behavioral4
- Target
  
  cwbm/cwbm.exe
- Size
  
  876KB
- MD5
  
  9ee96314a9b0a04583e163bf9377e62a
- SHA1
  
  84e96b98be6ad3a0368a3bf96fea60d544ab66e7
- SHA256
  
  230cd0addb68ca7ab37aa3fe882bccd5c8ab02bd66ea119d831fb2b2210f4525
- SHA512
  
  4f06c2a9b5ed6e4790e01cd5d4a81b6bcdbd0a80e4c1680102d33027df2fa5350327ab45a26083efaf7b54b82c2b7074c0b8815ff182ad747af3e0b0be4f528a
- SSDEEP
  
  12288:gWtImIpZFikYUrKTukUAMjnmeB9e4sRzTLuXAmBoT53eUZz+7Z1Zr9N1:m7i7UrKTukEt5YTL/vTxD47T
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  cwbm/更多QQ辅助工具.url
- Size
  
  78B
- MD5
  
  d059a0c8b7a27095fcfdbfd90f5e02b4
- SHA1
  
  a3294b61fa58c79d39bac9cc78550c572c47753e
- SHA256
  
  64c64ecc57f2bdf9ab38122dac815af54a94bee807458626466398ced9c4fa36
- SHA512
  
  960daf34b4d4bbf4fd479084a081de4dffebc7d87ba60802f12be5efeab0255d35db8dc6da2d0c7356f433d9077a1122121e86f937490acbdc39a9099c1eb4b8
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8