General

  • Target

    阿里巴巴集团招聘部分JD信息2024_5_Talent.Alibaba-inc.exe

  • Size

    13.0MB

  • Sample

    240606-gsz2zsab61

  • MD5

    2b33a8ca3e3d7fa2f1ae010ef161b148

  • SHA1

    61689602270bc6c2590b2ff0639cbad6842d48cf

  • SHA256

    3866eb85f05127359769f8f569a93cf63db26c41d30725ba6fc528754b92233f

  • SHA512

    3163677a66bcfd672792139b2cc53861bb208f85f19f354410c894e0583523644449cd2fb89cb3841f5fc316173ecf6ae929e91352232efeba9a300db191adbd

  • SSDEEP

    49152:kuQAa+joXOeSt0Z7qViOe2Fc+GoCJt25IbiXArylJM5cXTDNVwEVgQj:n0jUpIHrylJMoNzV3

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks