Overview

overview

7

Static

static

7

使用说明.url

windows7-x64

1

使用说明.url

windows10-2004-x64

1

极速软�...��.url

windows7-x64

1

极速软�...��.url

windows10-2004-x64

1

金致QQ�...pn.exe

windows7-x64

7

金致QQ�...pn.exe

windows10-2004-x64

7

金致QQ�...ce.dll

windows7-x64

7

金致QQ�...ce.dll

windows10-2004-x64

7

金致QQ�...xy.dll

windows7-x64

7

金致QQ�...xy.dll

windows10-2004-x64

7

金致QQ�...00.dll

windows7-x64

1

金致QQ�...00.dll

windows10-2004-x64

1

金致QQ�...00.dll

windows7-x64

3

金致QQ�...00.dll

windows10-2004-x64

3

金致QQ�...00.dll

windows7-x64

3

金致QQ�...00.dll

windows10-2004-x64

3

金致QQ�...er.exe

windows7-x64

7

金致QQ�...er.exe

windows10-2004-x64

7

金致QQ�...il.dll

windows7-x64

7

金致QQ�...il.dll

windows10-2004-x64

7

金致QQ�...CN.dll

windows7-x64

1

金致QQ�...CN.dll

windows10-2004-x64

1

金致QQ�...er.dll

windows7-x64

1

金致QQ�...er.dll

windows10-2004-x64

3

金致QQ�...��.exe

windows7-x64

7

金致QQ�...��.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30be37ed0de9ff1fb8b04f91df53a08d_JaffaCakes118

  • Size

    3.6MB

  • Sample

    240510-yg72wseb8w

  • MD5

    30be37ed0de9ff1fb8b04f91df53a08d

  • SHA1

    0e97fef85ad3b8139a0c0d9c331aa45fe2f6a742

  • SHA256

    0670a1be17f76a663c39141d1e8dbc27800461e1dcdaefaf0d5d7466fec01943

  • SHA512

    81fdc774e9ef66adff4cbfec2ebf9d04c97b9961edafe80781ce514b1a4cc3157319559dba26d70425d5559e88916569fdac02e05300ce2d8d8860c96ea9ae85

  • SSDEEP

    49152:NcdjqBDqewxi50/TNOwxAjEGlRp87+ZRiZR7oPoBCV6krwqkIKbMrE1OCbe0PlJE:NWxK0/ThgZ3pSwwpCVdkIn0jSY6uPk

Score
7/10
upx

Malware Config

Targets

    • Target

      使用说明.url

    • Size

      155B

    • MD5

      572730ee9e261904cdf0e17b6e0ea309

    • SHA1

      20d050630daf3cad339e7e379e47a79e2feb7253

    • SHA256

      b35e76792cd983a6f84d937409777d29121e9e335315430863cf4beaf6f8f4c6

    • SHA512

      a555eb1ba6f5e57b3ff643ec4d05b2b54a22277f27e931e2d7e780d02c245e5e8d9487e3c89a57737cf118edb51aa93d42871734e87ead31618d45a2c65af3c9

    Score
    1/10
    behavioral1behavioral2

    • Target

      极速软件下载.url

    • Size

      299B

    • MD5

      1362b6386a2252adc489fb757e56b1c9

    • SHA1

      57e373818ab781c3e80c0fe87da73840315d0ffd

    • SHA256

      49524d97ec5bb9bc481c692c1cdf3cd85a2f101186fa5495b5eb46e392d6b8c2

    • SHA512

      1d4cc4e9137c37033ff54fa009d58493347874b55fd16955fe46df25e23a18efd52fa55c97ce46ddbfafc5b7d6546f9383690511b5c1e04bc717f2647dbb9cf6

    Score
    1/10
    behavioral3behavioral4

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/91vpn/91vpn.exe

    • Size

      307KB

    • MD5

      22f0d122185b6b0120bcf611e45cd6d8

    • SHA1

      36c94eeebf1e792416cd6fef30115053dfb46d87

    • SHA256

      a74887579686843b0c9cbd41ae6d1b2ad184c7e6a81d4b9efb2f1864c70f2ba1

    • SHA512

      68a6ae62a801f5779431ff275ff5e7e9414875b94f4b9e6aa5937e470a90c4c20a19dba86cb3223326b13aeaf3c685000c43ab53b3d20371e2d5ddce6601935d

    • SSDEEP

      6144:kzmKnGDcrNkB5HG9QYQM87p+CC4azquuq54t5XPgNgQAAitfGFOyCuXwL5ceeLe6:ihnXeLHJYQNi4a2uuq54t5XoNgQAAito

    Score
    7/10
    upx

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/91vpn/appface.dll

    • Size

      277KB

    • MD5

      ca69f84b164dd69a96bef1b2761c7596

    • SHA1

      81f352575d8056a8516b9cbb4f73b8c0c6730c28

    • SHA256

      e6870e771feb8095b42f03349032cc08ca01948b6672ad307f7355232970e895

    • SHA512

      f9ffc2ae28cb596f4c010ed860275c2ee2bdf96ac34ee2dd3b20bcf1c636d1f760ece74946c10eb41a031b61882a7eceaeac8b70e6a1d8ca03b02ebcaa38f857

    • SSDEEP

      6144:FTa+ar8WYs/v9tS08ttqgGEp2zL6UQHNWgb5sZN4rZ2BYejlNTqFg91k:FaDxlx8hngH6UQH3CZNkI3O

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral7behavioral8

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/91vpn/httpproxy.dll

    • Size

      105KB

    • MD5

      16848d947d10770269512554a0defb7d

    • SHA1

      5299bc40a1944a34537904983af7b61ada6227c3

    • SHA256

      41a8aca7eb8483243676f2473cd98de507d814fdd7db81653c0aee0a69cdaff9

    • SHA512

      5bde5b62b30365ce14f94d7546ffa015f4c07435211078c5e8767886b1438e361763c09d3e9e05193117e3c5e57bda048eda211b5e36132139ac690b5eafefb8

    • SSDEEP

      1536:e8/zU/fGxBhO05YAoEYH7Th4F9dxMbRSPkJsBTAALlkWtOnCEePRQyo:tzU/8hOOxce5+beBTAALJOnCEePCd

    Score
    7/10

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral10behavioral9

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/91vpn/mfc100.dll

    • Size

      4.1MB

    • MD5

      07bccdcc337d393d7db0b2f8fe200b3f

    • SHA1

      5a02b227cb0a22a8e7884cd138c3e8568d083d94

    • SHA256

      bf38dda13b938b49a4df72b6477342373ee6e151be12c25cb0c17662fcb4bcd4

    • SHA512

      e5637727a549cf7b88f13474097a71200f0dfa511ecd55c5a42e5f53e9f86ce8b7ce763448830fd073e232876f7537bad96f2ced8d3159558778460264d07639

    • SSDEEP

      98304:BZP0PvxMJfTcXPSo0akd+BPSLC4IEy+XNy136jCfsqLhDIJJGN8mFLOAkGkzdnEe:BZP2iIE80qLrHFLOyomFHKnPAG

    Score
    1/10
    behavioral11behavioral12

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/91vpn/msvcp100.dll

    • Size

      411KB

    • MD5

      03e9314004f504a14a61c3d364b62f66

    • SHA1

      0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

    • SHA256

      a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

    • SHA512

      2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

    • SSDEEP

      12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8

    Score
    3/10
    behavioral13behavioral14

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/91vpn/msvcr100.dll

    • Size

      752KB

    • MD5

      67ec459e42d3081dd8fd34356f7cafc1

    • SHA1

      1738050616169d5b17b5adac3ff0370b8c642734

    • SHA256

      1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

    • SHA512

      9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

    • SSDEEP

      12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5

    Score
    3/10
    behavioral15behavioral16

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/91vpn/updater.exe

    • Size

      75KB

    • MD5

      1bf4e650ace71c93b6b768db6538fd5a

    • SHA1

      9b4d3ccb7dc6db7167b00a9720b60f23c6237d7f

    • SHA256

      3609ea382a9ea5fde45e9c7281a81e3706534a2a4db6bce068c03c07f9dee0b5

    • SHA512

      c24882e9e131ab609f4f92d8824c444922d86c0b8cb5b71617bb4646c2abe59bf4030dff910dc0f38b7e7e559a37311512a762c08d47b77e4fc04643ef3e83d9

    • SSDEEP

      768:Pf6DuCdfJSyQ8wXPGjH+9LE+31lwPfJHp4fgKIj6n9+6gOrGdzRleMM2DQvcZL+U:36qwS2y9LE+3DAHp4AVOS9eT2Dbqa

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral17behavioral18

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/91vpn/vpnutil.dll

    • Size

      750KB

    • MD5

      2a85f60ed95582d66ebedeec374ea64e

    • SHA1

      ad1b515b0b72e6d51563e89f40b23e62630c39de

    • SHA256

      163399e825d23c9c019a9bd03a58328d365a5fc9f80af1e516ca7412de2c49e6

    • SHA512

      cb2766a0bcd7f6979831f004e84b15df18ba33ad11d6ce20b6432845074e8249de72c906cd4900576831c21d09940b9e30b701db839b0aba299ff364d9e8b458

    • SSDEEP

      12288:3ysfcCzYEjeYL89XikxFkPBs+OeO+OeNhBBhhBBdlrYj5cEwmco0LgUdj:lzYERL89XikxFkPnYj5zwmd0LgUdj

    Score
    7/10

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral19behavioral20

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/91vpn/zh-CN.dll

    • Size

      95KB

    • MD5

      360099b5631b29ccbce6e22246ab835c

    • SHA1

      cfce43a06fe9e36542d6dfb32a8971e9237810ab

    • SHA256

      88374c312fd6a8ea243f7f684a75c55c988753880980e3aaed75f954176d57fc

    • SHA512

      ac263c1b85a4ee482718ff5609e13ae789876c20d10e368b644925a84bcc1cc3e8692e929bc01ea2f7ca809663db8796155c1aa995848e2158691e50a7ea4ddc

    • SSDEEP

      1536:vwsAytISshnAk5chO7eV4O/6rweqMLUiXMW4QZHI+7zzR6ieaqFD:nHWhnZ5ceeV4Q6rwJMLUiXMlQZHIOzzi

    Score
    1/10
    behavioral21behavioral22

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/UUWiseHelper.dll

    • Size

      318KB

    • MD5

      bbc6da86a5fa92e1314fe03187265f3e

    • SHA1

      03063aaa92309dac583bf4a1002b61c7357ec075

    • SHA256

      ae32e5e777c7f9261de976a00fe43fff610cb473a61fcf8369669de58a354d22

    • SHA512

      385ddf3f97b6446bc40e0057dc604e16b023de3e34b28e1f8681bbcbc56e3da82d033c7633b54bd011339fffc32c53e1fc039e37eefe8376f9d8f7dd1de8377e

    • SSDEEP

      6144:u5cCQ3KrGsslg017+HWL8/DeZ7/ODmLjE/:CJr7sv7+Hl/CZCivE

    Score
    3/10
    behavioral23behavioral24

    • Target

      金致QQ附近人营销神器(向QQ附近人发消息)_Jisuxz.com/金致QQ附近人营销神器【高级版】.exe

    • Size

      691KB

    • MD5

      4e8fd96a7c59bec59db5f2e173e41f78

    • SHA1

      a8b7411aff0a9fd949d349496b93f9a5457546fa

    • SHA256

      aa5820df166f6991ba5914b51983b989560ea4172d9b8770381efc19108f44a9

    • SHA512

      b8a291d38c01e9da62c84dd42a08bcea311e3a2bc73d796f2c7200e88434798d6212380a4700c1e42293e53ebc6443adae3ae28d3105ea82ff9f482bdb61a02d

    • SSDEEP

      12288:4NAQW3NWo5MB7Ep8DL4b5mDejAU9BAqs7+IF6LQbNH3CzRhlJvuyTCy:4tO55e7EpaMHkaBE+IXNHcRhfTCy

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral25behavioral26

MITRE ATT&CK Matrix

Tasks