General

  • Target

    63f797c21eee2be3c20bd64c34732d9d_JaffaCakes118

  • Size

    2.4MB

  • Sample

    240521-tzytqabh21

  • MD5

    63f797c21eee2be3c20bd64c34732d9d

  • SHA1

    1e30932da2ea44bb1bb172de828785df0f43b727

  • SHA256

    dc1ebbb7b12eb3505b1cb173e77fc802a7f064946673d1c06a9e53d1be8e1fab

  • SHA512

    e260b27600a1d8acfec813953ebd5516ec747b4b43cb229237ebdd0041c9678ddfd3dca80becdc9580f6aafed50043edfb17ee61a91599820087850079f8dbb1

  • SSDEEP

    49152:9PSczIIcz1Ml9O6uqn1+Z8qlPO9H7PSs8/:9PYT1WzF1+CQYTC

Score
8/10

Malware Config

Targets

    • Target

      刷QQ音乐排行榜.exe

    • Size

      2.9MB

    • MD5

      d81242d04c8a7e6b9af5c3d35277d6d0

    • SHA1

      538aa66cf73ae5203c4518d09214a33a4f80b9cd

    • SHA256

      e6fa0b6accebd7daac4104c59b43229e9f2964de57a009faa90d1c5905143fb8

    • SHA512

      34adf691c257f7a94f952b74e072ed245d7cdd73221f0a850a684fcb09bcf1c2df28db7121cb13bf877eff36b586dee5de0bba0da8cd6263e2ff26b37bea21eb

    • SSDEEP

      49152:cr2wLOGsUIdtA+9z1y5ULCacRmKAFXUp7ZOZwRTkhJxWEKZf:uFLOGsUIdtAKzdCackKAc7+wyAE

    Score
    8/10

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Target

      极速下载.html

    • Size

      110KB

    • MD5

      0c0aa13b9c176498fd24a1fac0f7b815

    • SHA1

      b62a46ec50e743d3b6e15b5763bf0424da3aa21a

    • SHA256

      df24fb785f8ba01c135b1589536ef815a052fe386da40bd2fcaaa086e81ef3f2

    • SHA512

      0214e1ff3046809f0b4f82a68216dd703105db23d2dc21f1082f79fd2681d6fbd8ed4291272717566e1ada87e489fef18c7da79d607e4584708f6ded40b16f98

    • SSDEEP

      1536:5yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGCsQSz:5yfkMY+BES09JXAnyrZalI+YQ

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 3
    Remote System Discovery (T1018): 1

Tasks