General
-
Target
e55bb809184a6c5b1680c7a53c693403_JaffaCakes118
-
Size
2.0MB
-
Sample
240407-tzljdsha87
-
MD5
e55bb809184a6c5b1680c7a53c693403
-
SHA1
88d0cbe1c8cfb510a0b38c29470fe9ec3a2fc654
-
SHA256
a16ba4ba473103ab99e0d9f386afe3e3dfeb527178b2a48d613759346b3d309c
-
SHA512
6e19a6272b8c93805924e69e26f4b63095fa8a2aedbff2d7f0f6720b845cac62ce097d4c9235ad0a2101a52a5e9087ba3f1325a9fe6bfd48f0b172b6d1840b1e
-
SSDEEP
49152:tzQlXh5BiyUZm+VaEWn5XlGLjMecJhpak6Nt9rm+H/Htjx4S:tkZhayUZVIn5X0sNn4kGV5WS
Behavioral task
behavioral1
Sample
soft/SuperKiller.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
soft/SuperKiller.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
soft/killer_ati2evxx.exe
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
soft/killer_ati2evxx.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
soft/killer_autorun.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
soft/killer_autorun.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
soft/killer_dummycom.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
soft/killer_dummycom.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
soft/killer_javqhc.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
soft/killer_javqhc.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
soft/signa.vbs
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
soft/signa.vbs
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
soft/xavengine.dll
Resource
win7-20240319-en
Behavioral task
behavioral14
Sample
soft/xavengine.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
soft/新云软件.url
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
soft/新云软件.url
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
垃圾病毒清除器.bat
Resource
win7-20231129-en
Malware Config
Targets
-
-
Target
soft/SuperKiller.exe
-
Size
740KB
-
MD5
7cc51e2ab2a1b0c8e1ee57190a28e37e
-
SHA1
606fca9692b60f95c7ea9e9d3af7439c851c3437
-
SHA256
0b4662454d449abf412c9f45f3669d234cadfdf0f210affb72e590c0414e6976
-
SHA512
04f29dfb64f2192d861cc94b89c0273c38ad5f7c7f6204f18333496e12a9f44873767dac8e71ffa5555dbad20d1a4626c653522911d9b5147408a7ed16254f06
-
SSDEEP
12288:/i8fUvMYOoQgbCQfMr4Jm7H7VTFbDnKasnCI5G+T16lo0UPorNFzG7r6f7094REz:/iWUvJ7QgrMEMbrWCI5G+Z3HorP7rRdQ
-
Score
7/10
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
soft/killer_ati2evxx.exe
-
Size
109KB
-
MD5
3db309a0389791682a5c454ee31cb0ac
-
SHA1
26badd1ee45d7a65ec179d9269dae4d3ce59ac22
-
SHA256
91a45ab539045fd60817421ba50f2c25b794776661cc0c36215b6f242c6bef2a
-
SHA512
c3e92986454b61806746eb61045c9d5af8a59bd4eef386f8ef0442ae3c9602d98edff0d34a9f969e86a4ded9ed9f2b820b0ac8c1b3a9083784473f11c2eb753a
-
SSDEEP
3072:OqcUHtFGNGmasLSI/v/i/Xq6KGJ4R2DyUYYNn1Up/UQT7ajYuZN:PzNYN8eHAaR2DyUZNn1U9UQT2jb
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
soft/killer_autorun.exe
-
Size
837KB
-
MD5
c4a292ebe138baa97d3bde72714ac982
-
SHA1
73e983a34913398b8c2e20ce4a965e0be6d14c70
-
SHA256
6a9c6d9a861a74c0bf04bfffb6ca76ee8fe9f8970fbcce4764b70fe16cfef1f7
-
SHA512
865ee51847f93bc8edef13ff1b48b0860edacb8611a11d18e1c9b3280851eb18ed410a1faefb36eeb56492cd3db2cac59245f31d095b74a187d7861573e9035d
-
SSDEEP
12288:kzy6rRxEUzYM3Brs0l5xa8eZQl410CJDrkQTnIfcuGUVYaeVmnGCdn8pcHvG5RTz:X6rTXY08ZIqHkRUuTY2pCOGzz
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
soft/killer_dummycom.exe
-
Size
416KB
-
MD5
96d1554bada1c141ba343f673472afa1
-
SHA1
a82795ba37f367ceec39ebab295c2dc93b96cc16
-
SHA256
b4ecfa07a64e009519deed2e8266b3e6e1f16afcce68b6b2d2cae55caeeb246e
-
SHA512
ecf7753d2ccc1593e187f2045a1c13460d708061da57e9360b282916d6b1f8936a83aa1a50b56e1e2eeab67a731e6bafcf44fdb89de879a2b42136fbaaabe6e4
-
SSDEEP
6144:AdOApXUez8ZL33VveOhwtQXGQOJVIvzBWurIvzscI0:AAApXIz3VGYdTOJVIvzAu7M
-
Score
1/10
-
-
-
Target
soft/killer_javqhc.exe
-
Size
320KB
-
MD5
20d1f117385e86da6732bfc14580a621
-
SHA1
8a72cc31ba3e2c25f21bcdb4317ef0efd9d2e3ea
-
SHA256
c33b83e11d878cbc28aa069d4c8f209add478e6fb958366c96f5507c814203e5
-
SHA512
bc0bb882f6ce7f8a15afb4bb45a88f2c4766385eb498bef8dd61ba506fddbfdcc7ddd3203561868fa77f7a6d8af4189d325968cc2e330e52a28a2778dae88d58
-
SSDEEP
6144:a8U2qy6rRZb7jxGYERJeA/4GPjPXJ+CrnEmN/Gyjq2lmvxvp57FGIJXy:Ezy6rRxEbwuLX8CrnJGy22Chp5c1
-
Score
7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
soft/signa.dat
-
Size
11KB
-
MD5
0a2eeb8e102bdb9f0b90d2623e01b497
-
SHA1
e3e56c6fcf37db898332eba52f762a4260dbfcbb
-
SHA256
0fde90b6bb30fdff6031b120aeb425094c1033fc648e8e3c58e2714a6ca39aab
-
SHA512
d06f1437a8b8467a1c38017858fabd9e8b32e0c201ab69d724cb17cec1ac2e65c06690f2171e5e44581d0d5757c2ab04364c321d958d882ae4165a5287e46557
-
SSDEEP
192:Y2w+tvzDA0i+PVGeg6itB6FZlsBdTr3R/euNHYM2Knz6jugjGXAYf5t4:YwnAiGeJit24DFeuys6KgjGTO
-
Score
1/10
-
-
-
Target
soft/xavengine.dll
-
Size
177KB
-
MD5
eb0c3c2fc235454e5a2a5abd70171efe
-
SHA1
c8bf5cc65189340952cb12b47f936568431b963d
-
SHA256
7e8ccef074e467dc5ebd5571f9039b497432647d2ede3f9fada313e81555cb85
-
SHA512
1acf2fc1e119b2c50dcafd78d6ddbee2a6dc9dd130e3118be26557fb05888978822315e83de3366247d5004add51ed08f004f9a131c04f23cd7758c7394c18d9
-
SSDEEP
3072:pPAT7wzh+wPr6olWSz1CKaVwZRtX0mpPCUrtQ1bAL/nRn5HAp3W9McU0eqnXd8fQ:pPSwNDPrnRn5HY2nUwXdHQbSXLD
-
Score
1/10
-
-
-
Target
soft/新云软件.url
-
Size
133B
-
MD5
4f0017b3b346bd0626f0c3b915e6e734
-
SHA1
823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
-
SHA256
df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
-
SHA512
0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
-
Score
1/10
-
-
-
Target
垃圾病毒清除器.bat
-
Size
2KB
-
MD5
0b042960026d34f7c69fd7289ed6b7f0
-
SHA1
de024ae96279c74aff2e4d22e7dd6dca0850cb15
-
SHA256
b75016919c6464c1242771825fa39ca18daf7afeedf83ba037f4474f175721a9
-
SHA512
354a980135aef4e872683b245eb00e3527df5124c021356964a156fc087d8e9fcf1f6868326265b23f1c8f69554fbe4393095f28b4adb51be90d099f6acec5e5
-
Deletes itself
-