General

  • Target

    678181fbaa490ca086484b0fdb01c8ac_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240522-raw8gsdg68

  • MD5

    678181fbaa490ca086484b0fdb01c8ac

  • SHA1

    ad269ccf2bad39eab42fd360513e9997b49880bb

  • SHA256

    a7fa2c542de02d19b54a9f03e43e6d228cb9cfe555fa8650ec4fab33ed523c7c

  • SHA512

    91a6f70a5d34cd77fabda6600e261a717bd842e48b5505511a2676bfb73c3264b95b985f5f1246f30300a4e49b5573b9a32b77f3203b31122e23777202ce4f6d

  • SSDEEP

    24576:EH2eezPWRz9Y0f0KCa/Kr24zyzXlKJhLoLOJthhzqVDIwA4A+HmmP50:k2gRzjr/L4ez1chR2vylmx0

Score
9/10

Targets

    • Target

      aoqics/lpk.dll

    • Size

      46KB

    • MD5

      d678a9bbbeeeacdafcc538171ab5dd8f

    • SHA1

      fd511a172eb91d35dd71ba37cdfcc6870bb4df22

    • SHA256

      1ca2927f7e0478c41f94823bb99b74928b36b618ac29a21aeeb95d632089e8d1

    • SHA512

      eb60111a8d826f3e5aacdb6755de6e9dd952199419c62349f4ac22c896dcccfca8ca4fd3b923de431ce9b5ad1bb5de6e1a62fe71ee681ade6ab39089801f4ca2

    • SSDEEP

      768:hojY9PKqxdonOp+IKDDCgEeJ9nmJKLVWrVzD5fc5yzOojY9Po:0myqx6nOp+I5kmJKRWbc5yzvmg

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      aoqics/下载银行-提供免费绿色软件下载.url

    • Size

      265B

    • MD5

      8198b90729a29a180d83f169e44bf4b4

    • SHA1

      808c7001a47365ed66f763540472f71c8ab8f3c0

    • SHA256

      0472fb354a075029d538acbdd78064da47a19487e4efcaa513417232036ad656

    • SHA512

      8191fc06f76f598a0f3022115f9904feabce5ed9e5642557a245e279aecd1e447bf359f17b5237fd52117438dd133a214e53886769f97ef3a5850d4e50bef502

    Score
    1/10
    • Target

      aoqics/奥奇传说Lx辅助 V7.51.exe

    • Size

      1.3MB

    • MD5

      07f9ac9b0df8774bfe89f47b5c3a347d

    • SHA1

      b6b313a04a6cde7ff1c3da22ea7d5f5ad0c2ce67

    • SHA256

      440b10cd9463d69115908e25d44f63b5da7a082da73ba8449bf8b645ea90f77d

    • SHA512

      0d640e61e91a2df248d1a218ff560521ad6a4ff0604a3ddf6cf56314aef5a6e617133865d44bfcb38ee8995b1da307de0f9ad3446423764c82e74520410aaaaa

    • SSDEEP

      24576:S83p9ZV/sft5afH452Hy36R3y7YynHqMbgvlPD2X6gYd2u/wbei7:S8RVUfPC4z36R3ycyKMbqAU

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
