37f9ef58121be8aea583bce2112f5192bbff22aa3eda063f1978626bc42d6177 | Triage

Sharing

General

Target

SecuriteInfo.com.PUA.RiskWare.Youxun.22766.22244.exe
Size

4.2MB
Sample

240517-fxkbnaah3w
MD5

322f6e2c296183cbd2d177304e896b6d
SHA1

1271eaa59e3451a331613c4c6a529bbba1f8334b
SHA256

37f9ef58121be8aea583bce2112f5192bbff22aa3eda063f1978626bc42d6177
SHA512

a87ab7e218515187c031e21e8a19c443a2d35b2231c94a23da7e7ee622c05d7224d302f6e4c244bc9554a05cbe2130a8c3610a151ed4e6a55192db172d16f224
SSDEEP

98304:9WTFeiFYbqNMQZyXNG2NbAHfr88Owb/v30uRLEqJ3oNURsUmE:sxXabqN2k1T8GXHRLXJ3oKNmE

Score

7^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  SecuriteInfo.com.PUA.RiskWare.Youxun.22766.22244.exe
- Size
  
  4.2MB
- MD5
  
  322f6e2c296183cbd2d177304e896b6d
- SHA1
  
  1271eaa59e3451a331613c4c6a529bbba1f8334b
- SHA256
  
  37f9ef58121be8aea583bce2112f5192bbff22aa3eda063f1978626bc42d6177
- SHA512
  
  a87ab7e218515187c031e21e8a19c443a2d35b2231c94a23da7e7ee622c05d7224d302f6e4c244bc9554a05cbe2130a8c3610a151ed4e6a55192db172d16f224
- SSDEEP
  
  98304:9WTFeiFYbqNMQZyXNG2NbAHfr88Owb/v30uRLEqJ3oNURsUmE:sxXabqN2k1T8GXHRLXJ3oKNmE
Score

7^/10

discovery evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  GameRender.exe
- Size
  
  608KB
- MD5
  
  0d50650038b3c1f054ebca3383204008
- SHA1
  
  28a33c7141abd4bb893a64d66e078301d3ec538f
- SHA256
  
  d254cec5a991aab692bc0607f86d0c14f4d0a6664c521f4c51f0260369c6e5af
- SHA512
  
  c1d257a544c7dafc8262cb0aeb0bead9a9ef385b304c4f983ff59b7282bd4d3812c6558817479a9d1a212822ace7756041aabe7873c0a3865523b831c1561110
- SSDEEP
  
  12288:5PQ4WkuxjqNnrLdHkC8Bgs7mjMMkoT19likpEkvvbIc:jujYZhMmjvkoTPQka+Ec
Score

1^/10
behavioral3 behavioral4
- Target
  
  MiniClient.exe
- Size
  
  4.5MB
- MD5
  
  936955d0c2959a3ffb8c586718d8e6b3
- SHA1
  
  01c04741b3e77de7ebdb598a0a8dd3b967dfffb8
- SHA256
  
  dd190e210e545d39cf304cfcaf4335803e907553aa6547103a8b21b9656b88e8
- SHA512
  
  a8e478a252ced5ed1025c8b299624f246fb1929d864ae497152cbeb75a1d55475df947d790bf77bf7a4a179fa886ce57d0550020b83636b9e9973618675013df
- SSDEEP
  
  98304:B3KNdpYEqKupmCXegJpBvE8lWOhzhvtosM2ypVaf4OiZrq1DfPHNADtV6v+qxi8O:8dpYEqKupmLQE8ldO2ypVk4O7NADtV6Q
Score

3^/10
behavioral5 behavioral6
- Target
  
  uninst.exe
- Size
  
  502KB
- MD5
  
  1a0d8ba35bc0f7f3e81dbd33738f1e6a
- SHA1
  
  3f0fcf39f70df52a00f4fc31473f046650dba410
- SHA256
  
  992a4624a43642d6cd22350aaf229957cb98d02f5bfc084011586611d4f8552c
- SHA512
  
  e802b007ea4018423dd4c412d6ed9895cb35b78477a3b8638bbad3a86b7116575ef1d2f054101bd07f191b34de9314d40730e91426f06191b67abb3fd7f89acc
- SSDEEP
  
  12288:ZoOiHJ6Lmb2+/GaBfnpkIDo3i9Yuq0MPeq0i7+ASRJ6B:ZoDk+ZZnpktYiXSR0B
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  zlib1.dll
- Size
  
  105KB
- MD5
  
  b8a9e91134e7c89440a0f95470d5e47b
- SHA1
  
  3cbcee30fc0a7e9807931bc0dafceb627042bfc9
- SHA256
  
  42967a768f341d9ce5174eb38a4d63754c3c41739e7d88f4e39cd7354c1fac71
- SHA512
  
  e8583ea94b9d1321889359317e367abc88e90e96d0d9243258244a527ffa2b13ab97d0787693ca328960ceb934ea11eefd14abafd640a654473c26e420d2ec54
- SSDEEP
  
  3072:Y15jVjUqf9CtXH/4UghkGTBfmJyqLEC9BRY:Yf81wpTB+Jyqb
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10