Overview  overview  5
Static  static  3
病毒样本...ts.exe  windows7-x64  1
病毒样本...ts.exe  windows10-2004-x64  1
病毒样本...rl.exe  windows7-x64  1
病毒样本...rl.exe  windows10-2004-x64  1
病毒样本...lx.exe  windows7-x64  1
病毒样本...lx.exe  windows10-2004-x64  1
病毒样本...3a.exe  windows7-x64  5
病毒样本...3a.exe  windows10-2004-x64  5
病毒样本...rv.exe  windows7-x64  1
病毒样本...rv.exe  windows10-2004-x64  1

Analysis
max time kernel: 92s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 08/06/2024, 09:08

Static task: static1

Behavioral task: behavioral1
Sample: 病毒样本/Windows MailX/1.0.0.0/winhts.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 病毒样本/Windows MailX/1.0.0.0/winhts.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral3
Sample: 病毒样本/Windows MailX/1.0.0.0/zcurl.exe
Resource: win7-20240419-en

Behavioral task: behavioral4
Sample: 病毒样本/Windows MailX/1.0.0.0/zcurl.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral5
Sample: 病毒样本/Windows MailX/mailx.exe
Resource: win7-20240508-en

Behavioral task: behavioral6
Sample: 病毒样本/Windows MailX/mailx.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral7
Sample: 病毒样本/b267-53a.exe
Resource: win7-20240221-en

Behavioral task: behavioral8
Sample: 病毒样本/b267-53a.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral9
Sample: 病毒样本/zserv/zserv.exe
Resource: win7-20240508-en

Behavioral task: behavioral10
Sample: 病毒样本/zserv/zserv.exe
Resource: win10v2004-20240426-en

General
Target: 病毒样本/b267-53a.exe
Size: 6.7MB
MD5: bd0cbfea61691598a28996a604229ccc
SHA1: 5c4ed76d0008bdd0de4fb04ebbcf51c2aebce428
SHA256: f85e22d66bd781c86c0ca3331341109856f03c4dec3c9e54fa84f11be3f88900
SHA512: fdb824caad07b7f16a18753d2f3bba2a8e82fdff13afd2832a3d82ee727daa9a6ea018458f618d8c68538280b703ee5b5e820fb4a094a27d2b58ddb05d0724a8
SSDEEP: 196608:wxtKdGviCH4360TB+OqLkq2u9ygz0zx4:otZqM4360tq2Uz0z

Malware Config
Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
pid   Process
4368  b267-53a.exe
4368  b267-53a.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
4368  b267-53a.exe
4368  b267-53a.exe