Overview

overview

6

Static

static

3

!)卸载.bat

windows7-x64

1

!)卸载.bat

windows10-2004-x64

1

!)绿化.bat

windows7-x64

6

!)绿化.bat

windows10-2004-x64

6

background.js

windows7-x64

1

background.js

windows10-2004-x64

1

captured.html

windows7-x64

1

captured.html

windows10-2004-x64

1

content.js

windows7-x64

1

content.js

windows10-2004-x64

1

debug.js

windows7-x64

1

debug.js

windows10-2004-x64

1

document.js

windows7-x64

1

document.js

windows10-2004-x64

1

welcome.html

windows7-x64

1

welcome.html

windows10-2004-x64

1

welcome.js

windows7-x64

1

welcome.js

windows10-2004-x64

1

IDMGrHlp.exe

windows7-x64

1

IDMGrHlp.exe

windows10-2004-x64

1

IDMIntegrator64.exe

windows7-x64

1

IDMIntegrator64.exe

windows10-2004-x64

1

background.js

windows7-x64

1

background.js

windows10-2004-x64

1

captured.html

windows7-x64

1

captured.html

windows10-2004-x64

1

content.js

windows7-x64

1

content.js

windows10-2004-x64

1

debug.js

windows7-x64

1

debug.js

windows10-2004-x64

1

document.js

windows7-x64

1

document.js

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5595bfd9f4c3e7bf0a9c8dec40ab839c98e5dafb583f62c0e266569b5a87e51

  • Size

    4.7MB

  • Sample

    240425-anwenscb4z

  • MD5

    837d3ce5cb8ae707eb64a0f6533a1fe7

  • SHA1

    7a0322fdcfc5e4bad02df5a3543558f12e9c4883

  • SHA256

    f5595bfd9f4c3e7bf0a9c8dec40ab839c98e5dafb583f62c0e266569b5a87e51

  • SHA512

    cf0a75834f8307b3bcab93798cd75f00c6de6af4461d1d4bcb5a693dc96b8dd3fedfeb8ff7a1ea71fc0cfe4e47c6f9221245a87ea58e1872cc28dfbf502f1cd6

  • SSDEEP

    98304:oeI4KYSgR4U22Q2sIR9AefAC9Ru+fmtMXSl47XzUvs6i3YE/:oeIp44H2QvIR5fAi0+kMXS+j4vs6if/

Score
6/10
adwarepersistencestealer

Malware Config

Targets

    • Target

      !)卸载.bat

    • Size

      15KB

    • MD5

      aff65aeaeb135c7415f7085f5e891a5d

    • SHA1

      0d0d12bef62c3e9a298a1df6076c6ef2c0015f7a

    • SHA256

      09dd0195c31919a1a4458ffa25646bba14db7a3cba297b90e268fd51c5dd95c8

    • SHA512

      4aba5814790eb74ca7632427b4ba51fdbf7cdd1fddfc71a35fccb30abca5329c5a1420f509f6b6c46825cc5de0480324836bb294327d36cec705562dd1aec25f

    • SSDEEP

      384:MCFmoOfgEBLkHr5kkBQUsnLow8jqOVAyF+uVF+uS:Hr5kkBQxLow8jPVAF

    Score
    1/10
    behavioral1behavioral2

    • Target

      !)绿化.bat

    • Size

      14KB

    • MD5

      0b408661418bb364e294c75b81a214c6

    • SHA1

      9d41a6b57ea3df7832dcc1f8a9b2ed9f28f73a10

    • SHA256

      cdc68a103d064e2d1ef44d2572b26a08b7fe6d93467ae0db833365c02a2e3fbf

    • SHA512

      dd9558b536fb15ad8fa6aa446946095e195054817843225b16ebf27cd40d3d70d2290232cdecfbb85b317446be10bd53c9afbb775f8a7294b09b6cdf877ca970

    • SSDEEP

      192:VsDJh55UNUsNfMTiLMHRpLYH+XgT1NzgPGvobdA3L1jc3j:Vs4NUsfho3j

    Score
    6/10
    adwarepersistencestealer

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral3behavioral4

    • Target

      background.js

    • Size

      56KB

    • MD5

      6abfba1dc9576ebf3445d1bd6420b176

    • SHA1

      d4665fddc6966b979591132498984ad9732de347

    • SHA256

      b278e786ad6fa164cc9bd36a4772934ab5ecf6a51bc6759471e46af6e3792ba5

    • SHA512

      052b376498e0588f3184b669ef69b59fec7cfa8a1d995c199db4fdae75c1ccea373d8314b457f7243b3dc69cbc60bf2ef0f8261e7890b12fedf7a34c43aa5a1a

    • SSDEEP

      768:CzsOTZ2lk15sMVRtcZgVTf7S5FAuCrVfNMNXLgDAlBUuFdy5h9gOpabpTutM:Gx51VamjXCEDeFdm9gOpUpb

    Score
    1/10
    behavioral5behavioral6

    • Target

      captured.html

    • Size

      2KB

    • MD5

      db2e8af1d8f739af1cd8c815d9218508

    • SHA1

      de13db0f927a7b183acf1e0f20a95150e038aa6a

    • SHA256

      4de065d8d104042f972c97ce9b3032ffb8feaad117e4c6526a735fdee0bc4d47

    • SHA512

      fd7bf1a72a5cd10c2721b743c155aabeb41a886d1f0859a68a28d2c2558e737b43693dd55e6e25de2ff5a4218081c78d6936213b2d6434d518ab2ee2c0a0e595

    Score
    1/10
    behavioral7behavioral8

    • Target

      content.js

    • Size

      19KB

    • MD5

      d2c5a23bccdc4ca635f88476867e4398

    • SHA1

      61593e85fbb95a0cfd01b860db2cc583184e0eb5

    • SHA256

      0f5e586801349c1b071095c09c02f5ae5920748567532d180d761db9e2b467c1

    • SHA512

      8450518f4716b186a4b0e3efe3b80195886985faba74f3ec90e2fc78bc5362e4ec68ae5abd0e413c98072157e567900c9e354af4089f6a2a795b60b3c4d65c0f

    • SSDEEP

      384:Nvu81uH9wLTIuXfUo5a6VHjk+ms3FYKbgL/RTcdFLs1yqBoj8fVCtaIwoIDKSH+6:NW8fUoVVDhYKe/x8Ls1yqBoj8VcsDKAX

    Score
    1/10
    behavioral10behavioral9

    • Target

      debug.js

    • Size

      1KB

    • MD5

      a1f52a720c57680b5d90a5ea4d20fcef

    • SHA1

      da46396621fbe0edf3cfe1d45dd6d253b4eab831

    • SHA256

      5e3656d9e09e2c57550d91920682fa6912df0c8433ef59a15c5d7bfb7c75e5d4

    • SHA512

      727ae3613a389b9cc9a879138879ae6e3f862ab59c1ed6e06ce7513a0e0b37b9ccf30ec943a2b56c5de8c033216639b5770bdaab729544e3f62ed88c4583d17b

    Score
    1/10
    behavioral11behavioral12

    • Target

      document.js

    • Size

      1KB

    • MD5

      d614c2ff32aee4c1062c1348e6011f76

    • SHA1

      a8cbb1e47fcad77f29fbe2f146766f85c34d73bd

    • SHA256

      f6ac16efd6bbd9216534bb9088907d5d6a5f4eed16754eeedab93dd783191b18

    • SHA512

      49f7758cdfad6384a668f7628330eea9fec4f8f9da09ff2dbde9d2f6494acb78afab6d7554a2ef5f458327e8cb36d69ddbb210bdc99a47dc8f84a9044320fd56

    Score
    1/10
    behavioral13behavioral14

    • Target

      welcome.html

    • Size

      7KB

    • MD5

      1a1928c38b5e2f1acf062a74c9153187

    • SHA1

      088698833a10687ca3051f3dc79f5fef2bb7b6da

    • SHA256

      d0a6f9a7fd7869c67fea17db8e236629c64a4f56b4babc8faaf74e224cb40806

    • SHA512

      95e1d9d421ba9f117af2aacd2b4c446d72868adb2234e5db55f528f687f8c8bafd73312c16509ace6f6b70d89763a1f8518630895b91203fc2c1cac854fefeda

    • SSDEEP

      192:/ToaZDMPHzAuqcTLrpZBN2zGyX7JTM3M5ZldazmaxNWkiErPe:EaZyH3rTHpLNhiFM3M5Zldazm2NWkiEK

    Score
    1/10
    behavioral15behavioral16

    • Target

      welcome.js

    • Size

      2KB

    • MD5

      c852d6b886f2485ba5a2fc8dcc67417a

    • SHA1

      15870f45a004abf8f2ff2357aad4db47036bbbdd

    • SHA256

      5ed495933a7ba01c8919380786027fc0e8a506628a079b63e775ecea097fa3ec

    • SHA512

      f9c97881ae00f4bd4a05de55f0be8b5fed6d30e0cef7959f994cc334d9a617dcadeb304c781de376c6219e9b6c466349e3e9153a727133a269c151bc717a8990

    Score
    1/10
    behavioral17behavioral18

    • Target

      IDMGrHlp.exe

    • Size

      507KB

    • MD5

      3f3303af5b33d751bb1152110a807c7f

    • SHA1

      aafa70b0b787b3009ed88016094ba5caa2725f68

    • SHA256

      db273cc8cf91a1df241b7511db392524cbab6c40f8df7d8535ace4b51fed9ffb

    • SHA512

      46c107e825dab0a9215ac2d53159e7f41aa8d548b28dd1085a22550b5809e92ecfd684c146adc7c686e2abf00681dc7e37d4d459a53038b2f694ca290d9375a4

    • SSDEEP

      12288:Bkj7m7bY95bVvxuWxrrv3bE2Xaq78vODPFagF6:OOQvxuWxrfE2Xa9vODdagF6

    Score
    1/10
    behavioral19behavioral20

    • Target

      IDMIntegrator64.exe

    • Size

      27KB

    • MD5

      41066cce37e0d22bc96e6393dd492d80

    • SHA1

      abd0ef829a5fe3a0d7059567a3e58b7e73c1f67c

    • SHA256

      caffd6fedeb8c5720725171f2f72b977dd22e98db1ceb053ba14c130323e4465

    • SHA512

      bd8efab29004c860c8390f076d9a619a7abe597c2004ab79c1c1d8c48c6e9f21e3e68ba50d3bf22a50b6923856eacdbb89f8b1f2236352c198e0b745c811cf2f

    • SSDEEP

      768:+31WTjngURwlA+05yoiHiiYiljAMxkEnO3Zn:Pj/ilZjHii7pxGn

    Score
    1/10
    behavioral21behavioral22

    • Target

      background.js

    • Size

      56KB

    • MD5

      07d0153ead1eb9c123b01539e5e6d678

    • SHA1

      77588face7bd77e26330dc5bed45df67328a3ea6

    • SHA256

      38c2f8b86e7c7ad862f73fe626a71c5758cec3b885adbd4c4877aaf4dc0e5abd

    • SHA512

      62bc44b39dccf9353cce2d80988adab7dd7d1803f9743ae6a9333b142619f30e4471486aab8e28cf99178ff11007e0e20e0fefd9f8a18a309daba64b844d6aea

    • SSDEEP

      768:CisY79cJMAIJFOZhr0ETj4C/tdM69xe/ka9mWczCyZfvgPuUS2vTHDRp:zRAb02DNGMaOzCyZXgPuAvvb

    Score
    1/10
    behavioral23behavioral24

    • Target

      captured.html

    • Size

      2KB

    • MD5

      abb5f32934aa4248273cefd94eb758c7

    • SHA1

      3a8de485321ce6d7ce6dbaa7df58cdfafbae4b44

    • SHA256

      f3c2a6a1ef8c5e3776f9ca461a3b3196ba85e20073a4d1acc64a21e63c75a661

    • SHA512

      e8a1b8454db9921a676a33fec386ec37fe620a585cf762a851e64531ea761719af4b124cc0c0d7db28f357e19aebe8ecd6155da6fb4897fc4ae7a472f077fabd

    Score
    1/10
    behavioral25behavioral26

    • Target

      content.js

    • Size

      19KB

    • MD5

      cbe267c06894eb915e07a434bee2ea2d

    • SHA1

      8a40e5b581af3f95f9cbf4f7ab2ca05e86ccb442

    • SHA256

      a94aeca583edeb4b01b60dd0339a5ec96229549d94611fa42ee157d6c929f3a1

    • SHA512

      81fce40fb81dbd253cb8f40883aac676e9de9eb3239ad950ce9483226896224949c5986d331d73bc49c0b0e68f18a76bc64b4da9920f91019ba2f16e33b0edba

    • SSDEEP

      384:EAFxSiUtxk21ALzJIRGfI8a/5wau7+GRDI7cgH/KKcjTaMkr4cwvo1VySasuo/J4:EwSiUtxk21ApfI8+5wauSGFI7T/lrMkW

    Score
    1/10
    behavioral27behavioral28

    • Target

      debug.js

    • Size

      692B

    • MD5

      2d114b6c8f72048ab789b63ea5ce81bc

    • SHA1

      8494ac32138a4d666bef650c608565567c2bb8a6

    • SHA256

      6f636c81bfd121cbfad707499276c6ed3f8f20cc2af22adadfb59a8b56bbf410

    • SHA512

      60ae7267c6605c287ab3aeb79c98427f9a3d6d017529aacb27dc7c68a8f6bccc62507759d0d9a6ae4773d277c8d9d1a819adea7badf279eb4671d8cf15055732

    Score
    1/10
    behavioral29behavioral30

    • Target

      document.js

    • Size

      1KB

    • MD5

      d614c2ff32aee4c1062c1348e6011f76

    • SHA1

      a8cbb1e47fcad77f29fbe2f146766f85c34d73bd

    • SHA256

      f6ac16efd6bbd9216534bb9088907d5d6a5f4eed16754eeedab93dd783191b18

    • SHA512

      49f7758cdfad6384a668f7628330eea9fec4f8f9da09ff2dbde9d2f6494acb78afab6d7554a2ef5f458327e8cb36d69ddbb210bdc99a47dc8f84a9044320fd56

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Browser Extensions

1
T1176

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

7
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

adwarepersistencestealer
Score
6/10

behavioral4

adwarepersistencestealer
Score
6/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10