General

  • Target

    6321e4cda46b348f3f5acba99c00a686_JaffaCakes118

  • Size

    1.6MB

  • Sample

    240521-nlz7qsca3w

  • MD5

    6321e4cda46b348f3f5acba99c00a686

  • SHA1

    1eaeb662e2ae22ea90df6bfef1ec61dcc1918211

  • SHA256

    dec719b460f471670e42d1174a2405706063128b81da992dda953223212e6065

  • SHA512

    bcb07da3d3ee7f09f1aad73bfb9429b11d7eac1a6776498f43c34e5253d73e570b2ce876ed91a752c94ba1a0d6f6658dc6cf1e6ddbe600d278d6569663a37171

  • SSDEEP

    49152:+dhGeS7PVefIo5v03Cpv1/L4FhUOnfH6HQW:+dhGn7deAoOSp9j0CO/CZ

Score
7/10

Malware Config

Targets

    • Target

      新云软件.url

    • Size

      217B

    • MD5

      e5e80be1cf1a1b2af35991aed091c827

    • SHA1

      79e02d122cdf24da7e59044b4bf83572242b4c71

    • SHA256

      1016d243a1266c9970996f2847639ecefbecc361cd98fb79d27d048eee3dd69e

    • SHA512

      b926f6e34e0e9e260a8f6e59ec8e660af0fea09de91140d968cc7665ea45f840a8951f4a1c0400bfe384d2e269159febfc5e32981b863b9d97830f5eb2521705

    Score
    1/10

    • Target

      歪歪团队刷花辅助.exe

    • Size

      1.7MB

    • MD5

      8788b56c553d454bab5fa39e625ac497

    • SHA1

      6a5066debb0648a02025b96f7aed0f2a25b18bb7

    • SHA256

      b50c6855c8a5292fc23d6c410bf84518d5ec5059c6605c9e78041ed11873c3fc

    • SHA512

      57ccd0b955944cf54de2987d9108584f94df021072bbef97d391d58e032fd0100329df0c55d21619dd9eea9c1e934c71e8ac21eca343ea1e085a52443698aaa8

    • SSDEEP

      49152:9qDo3PoD+UClLOtQgJBy6xsd3Dpj8oB5JOuz:9qDrD+U2LMHJBZsd3WKIe

    Score
    7/10

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks