7General
-
Target
edcdbe783499408e682d6ef3d70b20e7_JaffaCakes118
-
Size
19.6MB
-
Sample
240411-tewtmaab8w
-
MD5
edcdbe783499408e682d6ef3d70b20e7
-
SHA1
8a9eb2486632f22488e363610f322e62aec27713
-
SHA256
c436273967199e5ccebbe0020e71f385e7d2a6e4fe57dd61bf9d204b953f29ca
-
SHA512
e5af12091e777358df42ac4f10cfa0471fea37cf4a32bdcfdad14eddb6f3da62ea5f8b7f46a99d4e557933e3784c3c990c81b59de368b1daa342a3e227296261
-
SSDEEP
393216:nZFRWDx9uTwHos56fVInAVt+78R8f/2Vztjps2Qg5Qdwvaz1DTcxYFr41em1:ZFR3vs8diAVtz6n2Nzsdwvg1DTcxY947
Behavioral task
behavioral1
Sample
155绿色软件站.url
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
155绿色软件站.url
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
baobao.exe
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
baobao.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
bin/_capture.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
bin/_capture.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
bin/_ctypes.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
bin/_ctypes.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
bin/_elementtree.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
bin/_elementtree.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral21
Sample
bin/_flv.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
bin/_flv.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
bin/_hotkeys.dll
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
bin/_hotkeys.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
bin/_image.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
bin/_image.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
bin/_kit.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
bin/_kit.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
bin/_win32sysloader.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
bin/_win32sysloader.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral31
Sample
bin/baby.exe
Resource
win7-20240220-en
Malware Config
Targets
-
-
Target
155绿色软件站.url
-
Size
219B
-
MD5
3a1f2a8a3ef08ae269517a69ea918b2c
-
SHA1
7d2e6719702bc8472e045e010efa6ed3f7df4b5b
-
SHA256
66eafefa8bb0155e60828476bde6068573fe64a4fd0aa052eba074dbe85d46cd
-
SHA512
22203a78192cadc02d0f887247675925273a69e3be82ec1a331197f892216a282cc8f37c3ffbfb578a708244181037277b8cc6a40d8ec70cdf0feac5d80f8576
Score1/10 -
-
-
Target
baobao.exe
-
Size
19.6MB
-
MD5
c5d68c3c3818e7bd6ccfefc3488266f2
-
SHA1
9141d2c4a9d1c534583996cab4b9890b1945ca4f
-
SHA256
1942b3019e086f1907bea72bd4a865ea954d07bc3a8a619775e0017072c91f90
-
SHA512
88a46e5e586fbf296f6dd0ca67acce89c30d0b6086d40c3d97f9c38a62579c45e72e29e5c514f8f72e2baabc7626f1596f70e9d32b38844e80e1a32d0c55f65c
-
SSDEEP
393216:9vtgMZeNKXdHaFMVjg+xDZ1WD1N0u4spi9PdRJSHc2VEmmd4bafOCYUH:9lgJNKtHDNgoZ1SOugPfJU/I5fDBH
Score7/10 -
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
2bb3a180348b2b3d155cd12b9eda0712
-
SHA1
1f3e94f5457502ce59aee891275288f88739f367
-
SHA256
944bc80b57670eb187bdd59250f77af6ab657a2cb6ede3621139d8c04d57eec3
-
SHA512
d555b890910a8a729e37cd69fb612d5d7efe76f2821995b3c7b532d663d5993688692d8d5be6f97f683daaaf02683a134c69f9ae6710a7e005dc7cd47cce0c55
-
SSDEEP
192:k4lsN55M8r67wmsvJI5a299sfoG8I+WhPB3RY+h/G3DNl/qYcVp/12kgszA:kysdM80dCI5a2LsQ5IlPNRY00AlAYU
Score3/10 -
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
3d8f82aa21fd7861890594027f39879f
-
SHA1
5fecbecabc15f639c7b3fb57400f6ca6e192a73e
-
SHA256
4bc38ffc6d1b09108be0031874bbebb3bd892eac86498c76a60a33c1e3c80d9e
-
SHA512
28ebf820047a27e3a7f0f2fa593af5492e27dddf62ea0c2ca633840fa68fb8b893b1c194f8456869d175eaf5a34f6146fb01f95898007ce19ed29438a1fee65e
-
SSDEEP
96:Z+BBC0x22epxPEvC4FkWE+in1/FMvsCGRfRFqCB5t5GhEl5VN:Z+zepxPE1r8/FtmCDtwg5v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
0bbcbaee7b703ebd55cd8658a0e8dcd3
-
SHA1
6ed448b8b67cea36eb45bfbc67fed9a6da9623e4
-
SHA256
e67277ecc4f6c7beb3c7e586ce508677269db056c7541eacfecf6c719f559da6
-
SHA512
604c524bd00313f6411cc9878d5c9a1db77588049feeb5bb02c971df44f8becbd18d251cc20e551b878173eb2a78be61f31352769597c6334cffc0bc2326b008
-
SSDEEP
192:WO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1azgMO:TKAFERdlxhGRYUzqZaz
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
8KB
-
MD5
9119c6371994557db43f61887dbec301
-
SHA1
f43aa3a2547c61a0f9d6f7e975da0a475f973c28
-
SHA256
562e24d6cb190f12ca6f4b2943874fd6a4e434a7fcb6efefc18af66c37aa1acd
-
SHA512
efe8fe0ad174edf0301fccbffb820064f0e6dbbda20d4b2107cc937f10ab40d0e5f98c9e91023823f7c50d7e551ba63ffd7953d9e312ff827b4471e3e39c593a
-
SSDEEP
96:r55NxaBY5vP/PGfMzqu/ODzNIZhyGE1xQR0r6UHpYkUdiU+:r5gu/AMXUz+ZhtEA0r6UJxUd
Score3/10 -
-
-
Target
$PLUGINSDIR/nsisos.dll
-
Size
5KB
-
MD5
69806691d649ef1c8703fd9e29231d44
-
SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166
-
SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
-
SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
SSDEEP
48:6EyuygeHCfxwU5x+6kx/k1gONv27oBc2OkIrHHl:VeHCf2762kKsu7oGjkIrn
Score3/10 -
-
-
Target
bin/_capture.pyd
-
Size
884KB
-
MD5
a23d5e1ef466a3366a583ba3b8453a7c
-
SHA1
12bcd5c86ca8e595ed333cf064e2efb2d9760c4b
-
SHA256
0e318b33bd6bf56993e2ce8e05aae1fafab2e04979f19d76a8b9581097bb2fb6
-
SHA512
381c79a795f94de06f34788130b8d5a9437f65e9a9e9fb6626dc9cfb3480ced43ee9e54e5e69cca77c49571c76ff2f68e1673f3e0976696a848e0b64ad4a3a0b
-
SSDEEP
24576:vqaQ/h7yyPY/74OpTc1RYdLVOXdEWU6oDLDG9Y:vGh7dkdAf91UhDaY
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
bin/_ctypes.pyd
-
Size
76KB
-
MD5
c09feb426a80d847662a08912fb95656
-
SHA1
d843dc2470c358d6f7e02031a8b6feb1e78f6b7d
-
SHA256
da13608df8b7655970a958390a91b74cae3b73ed57d32c37444785cc1f2f06df
-
SHA512
5374e9ba137263f743c2112dc2c3301cdbecf8e7525a5d87a473e89e8e2daff913bdc214267c0ad18ebde7602dd88bb28287d0dc55b4c4798b4b798de856d2ff
-
SSDEEP
1536:GCEIcOlHOG9WCet34H8li2FTSTiTdFaoRNuv+iiLWJXAs0fLlr:GC/cWOGyt34clikNuv+ZcATfLR
Score3/10 -
-
-
Target
bin/_elementtree.pyd
-
Size
123KB
-
MD5
cc17beade39e1d3cddfc7f8988d577b9
-
SHA1
d4f00352daf380f327d2b03b734ab9ec3b7f5d02
-
SHA256
217f4b2a8747ac1088008a0ce0844fad8362414baaaf9b6053fe1dcbdd28203b
-
SHA512
70a8dc7b3daee44dfa816f8f431bcdb68427a9b56d98ed7b07d00830fa65080fd36e1293859263ffa34983bb7e1e7c3213534d1d9165f88aacd96f8181b20926
-
SSDEEP
3072:MlWqS5YJqA7/pA947nCvCFQOrq0G/SWtKK8h:QSaJlTplnGCiOW0GND+
Score3/10 -
-
-
Target
bin/_flv.pyd
-
Size
223KB
-
MD5
9b9665dadcb8329dc7d00c7341956309
-
SHA1
6037aa9671697ba1f399298e70d5dd508ce9d9e1
-
SHA256
4cc2fb56bd58c44fb80792983914e44ea7b5e39ae7d2d9f5212f3a95cd88361d
-
SHA512
aad23912c2a25c01650771918926147273dc17ec2d382a2142b90d8f3879a71d8bab035f0b40f6514f8cfc19f069d49c15dcc7982ee1c65b80ab1ba4332cebc3
-
SSDEEP
6144:b7MtDUAQuxlJlWixqfRdx1Fn8cBict7mOtxdza5:nMtkuxlJl/YfRdxHnBbxw
Score3/10 -
-
-
Target
bin/_hotkeys.pyd
-
Size
17KB
-
MD5
e863f2497dfcdb733e91952266a9fb3b
-
SHA1
a18ff5b08b037334b5b5a155683e336a74f52164
-
SHA256
f2751d2ef544b345ad4164b47bdc3464787e9d1aa6ba29580333045bb1ad2f2b
-
SHA512
9b826191e6d5c7b1a11e3cbd86d9d9d7ddecf8a22fdc69a74f4edec3e94c5faac07cce70edc7e222ac9afd676831490af6716355b5595b356ce3b8b15d3d60fb
-
SSDEEP
384:mGZbtniJWQ5Xhoi8Da2vOflbtMgiPZ9+VR4yIPeD2OKf0NoES:ms1iJ7xod+2q6g++RiK2OKMNK
Score3/10 -
-
-
Target
bin/_image.pyd
-
Size
272KB
-
MD5
bb0ffdc81a4c9986b2ceab4eb4e40ace
-
SHA1
091094e73d3b1560d8bda2e75424949a0d172342
-
SHA256
0ad6aa0f21c938e8419c31bb3cfa72b21b3b149e424f46a3f0e5adf26a33ec00
-
SHA512
11adfd546e16b3654e2063b99a7e4ff984c97e14f5df31a579eaf96dcee547630c4787cdd520bcb696d5f0e4e80fac4483647be72f20d2d0cd132a280a288ec2
-
SSDEEP
6144:C3xrNuZROSSO1cGsLWDmrK7ay9rZJYnBjVQTBqzRCOKD:C3xKIE1cGbaT8r+cTsz
Score3/10 -
-
-
Target
bin/_kit.pyd
-
Size
212KB
-
MD5
a82b4d4dcc53cac93ee947343eaade79
-
SHA1
42cac9ecd6d1427d6a327bd75542bdde2aef5155
-
SHA256
c94c74a6a0a8670e383d1845ed08b498ab282cf01d5931f8500a207f83dc6d08
-
SHA512
20c3eda101939b2895cbded4ff8ad909f1a5c8cd1f77d22052c2501ecff5cec4949c28d1ca0b7e97dcdbf921e9652263daa766eb7a8a75aaad7023745dd2c467
-
SSDEEP
3072:E2HbdY7F3C/CFgQ88wuig62P3vdw0ngXZc/7tAKpBSHOeOjMXbHIpiNH3tdNFKx5:E2a1Zbig6xR85cajwNH3yxSuhOKS6H
Score3/10 -
-
-
Target
bin/_win32sysloader.pyd
-
Size
8KB
-
MD5
96e03886a276eef318400d4bf45e9188
-
SHA1
6ee990f2f666bc4091509a4e911156635e9b66f9
-
SHA256
f48112595d64a1dcbd330cf1c6036811bc88aeccc4774a8ddeda1fd7434c6c6f
-
SHA512
70c823957beae128e2283812d043d5d3bfdecdeee9cd155ddb586ed3f066b1a568b5ec43f64bb8cde8637c05f745ba7b067201f56f66b8ca26910b3c8aac7333
-
SSDEEP
192:AeHcjD5F2WsUGhPjfv3wm3Xpo6MbrkjOOP:A1P5FIvpjAaZo6M0
Score3/10 -
-
-
Target
bin/baby.exe
-
Size
1.0MB
-
MD5
98f5ae4dd09008592f24fdd11c2805d0
-
SHA1
d22db12708152cdc5684a4eb65587186d92db0b9
-
SHA256
b51dea8831d7f2334c3e6879ea27a0e33e09a94935a8f30325fd6928327ded05
-
SHA512
b6e586f8ed4fa051dd0010017f0b637945d4d75f218814f22d8ef5afadca6cbf87b20884d2b0a5487d5b7f3b7e315fae45a04fd666b00f6c460e5c6e4985694c
-
SSDEEP
24576:6f6m57WftWWHm5ksMdt+Rtp2XvX3xOs70ZEWcu6GicX:6N5kDABQ0tp2vR0KuKcX
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-