General

  • Target: 6471fad15a2375f9ee2b596d31c376c8_JaffaCakes118
  • Size: 947KB
  • Sample: 240521-xxtnrsfd64
  • MD5: 6471fad15a2375f9ee2b596d31c376c8
  • SHA1: b67cc42702e7436404bcb63005950bb11d654292
  • SHA256: 7e0a3770d213108dfb447df83168e4d93ad834589214ec989f34e5cf0b629a17
  • SHA512: 990dc5ec38aa2afb3697a6b96f7881da879676ac9766cc20f41cf8220cbda7255b8eff3c42ed772ca946da65314d7b86e46099dad82e6a62e57fecbd2d58f507
  • SSDEEP: 24576:/FXZukvcBLT10+ZBJv70Oywl67a/MOzYNKXUX7vFueThtf:tX8acBlj1A57YMORUX7vwmhtf

Score: 7/10

Malware Config

Targets

    • Target: 大漠VIP工具 紫枫←和谐版/api.dll
    • Size: 876KB
    • MD5: f692c7ca173f154c562ae9418cd9c4e3
    • SHA1: 35ab08863bac49ff00b0cc42c0458e2ef63192ef
    • SHA256: 7ccd8397d56501727910f2ce7d5c56f44fcc707076f4ef274f738a5b65de893b
    • SHA512: 4e907b089ee7701c1c9262c4cb45fa12669869d804528082055786b46e488165df90adc7f55101a4c167ee112a6b8810e5b41a700a9c456d1d3658aeb132d7ae
    • SSDEEP: 24576:JbdD9D2JLXO/YYtkTlSXYJW2iiia5TN2gKfN5D7hsMRLfrQC:l99D2JLdYyTY20aZogUt7Be

    Score: 7/10

    Signatures:
    • Loads dropped DLL
    • VMProtect packed file (detects executables packed with the VMProtect commercial packer)
    • Drops file in System32 directory

    • Target: 大漠VIP工具 紫枫←和谐版/dm_test.dmq
    • Size: 694B
    • MD5: 99653dd27189914ab0fa4b6fcfe004db
    • SHA1: 29228facb3ad7e90bdfd52cab29d17f3c4ab40b0
    • SHA256: 659e9ed49bad81e525b522580b0377779922ffd360c5cc5f56ca9eed29f4df4c
    • SHA512: 276137254e18f76378b5601c76619df2da8ae5a4cf33c59cc859554b06056f5e302c777fa219770168540524b9da26789492197221a74e405048e96d36700610

    Score: 1/10
    • Target: 大漠VIP工具 紫枫←和谐版/大漠VIP工具 紫枫←和谐版.exe
    • Size: 20KB
    • MD5: c0dc263c89a7df29fdd44ad24346987f
    • SHA1: 69b87c0409c9499097cf8fb794c69b6e0916728a
    • SHA256: f8c95c3108fd80113e83ba1739c2327a487e7e9cc4fdb600a46a6a0237722f1e
    • SHA512: a9c834deecd77a0c05ff949bb10ab0b874953fcc568f387e4611551bc32355768d9b98451d92872adc7fdfc186530079918c22c578a9e3615cd1f10727e58dfe
    • SSDEEP: 96:Ie4Ey6aap3xxIzluYH09L9T9Z7Ptboyn5iLHE:IeaR6x2NH077P1oyn52HE

    Score: 7/10

    Signatures:
    • Loads dropped DLL
    • VMProtect packed file (detects executables packed with the VMProtect commercial packer)
