General
-
Target
doudou_BL_open_1__&W7378198677120137995W&B0B&ai.exe
-
Size
86.8MB
-
Sample
240608-xhabksfe24
-
MD5
4545f5b311d9904fd52208d29972e9ac
-
SHA1
9d299ef64e6a3d4b1802656396e41ef859077a29
-
SHA256
7fc71026f8a0d6d90a270f91d5abbeb4d6e4066020dbd1008ba22978b7a3a728
-
SHA512
f8f922e63c0df82be3ed667e0c42936f0e11e0cfab1447e08163cfdabae942f542eee93c2c39dd1d0192764e7426d7417e16c64acfdf59189a38f1c9fe379d0a
-
SSDEEP
1572864:CE0O4UtPJkn3tgKnhGV/38V7Hf56BzAjpu/NlIu0TP4S6uVUc9b2QDO8Ei:ljtmK+4P8V7Hfi+pu/NazL4S6uVDlK+
Malware Config
Targets
-
-
Target
doudou_BL_open_1__&W7378198677120137995W&B0B&ai.exe
-
Size
86.8MB
-
MD5
4545f5b311d9904fd52208d29972e9ac
-
SHA1
9d299ef64e6a3d4b1802656396e41ef859077a29
-
SHA256
7fc71026f8a0d6d90a270f91d5abbeb4d6e4066020dbd1008ba22978b7a3a728
-
SHA512
f8f922e63c0df82be3ed667e0c42936f0e11e0cfab1447e08163cfdabae942f542eee93c2c39dd1d0192764e7426d7417e16c64acfdf59189a38f1c9fe379d0a
-
SSDEEP
1572864:CE0O4UtPJkn3tgKnhGV/38V7Hf56BzAjpu/NlIu0TP4S6uVUc9b2QDO8Ei:ljtmK+4P8V7Hfi+pu/NazL4S6uVDlK+
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
$PLUGINSDIR/MicrosoftEdgeWebview2Setup.exe
-
Size
1.5MB
-
MD5
8b3b487e9dfd2852b5c8634b418e7c7e
-
SHA1
45ff4beb4125aed9fef91e88c03e93b8853ddeb8
-
SHA256
61ab4d9e17954ad9885736ccd19a9a7e809105074b59d12ab78f4eefbe5d9581
-
SHA512
2c041aeb5decf51134afbbf5583ed4a23d92ff5a7bcc35450a07f123b9950a57646522a5dcb34089e118ee353ecd1041e0eb020e55f9b9f8e67bb35cf519295d
-
SSDEEP
24576:3wy53G70SeiN9YqxCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzU:Ay53w24gQu3TPZ2psFkiSqwoz
Score8/10-
Downloads MZ/PE file
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
-
-
Target
$PLUGINSDIR/nsProcessW.dll
-
Size
4KB
-
MD5
f0438a894f3a7e01a4aae8d1b5dd0289
-
SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6
-
SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
-
SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
SSDEEP
48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score3/10 -
-
-
Target
$PLUGINSDIR/windowsdesktop-runtime-7.0.11-win-x86.exe
-
Size
50.6MB
-
MD5
7971543116eca5be24d8c68c87e578c6
-
SHA1
7494d16f34b5f7ed1388038818817732fa7b8204
-
SHA256
9e3802fa0578282a65d8df72ba0308660fe80a67dd023e02e94dc2d3c11834e5
-
SHA512
b7583409ea718d60ac81e8d28ab7511850d0b43e9bb9ea8488dd473b1ca904afe99d1ab298b1c5ab5271d8584baed65653196d3caf0ad9737e70f2eccbb9be4c
-
SSDEEP
1572864:X0O4UtPJkn3tgKnhGV/38V7Hf56BzAjpu/NlIu0TP:XjtmK+4P8V7Hfi+pu/NazL
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-