General

  • Target

    9f272089ad7058dad4f14d1c883e71fa_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240611-w6gj5awhka

  • MD5

    9f272089ad7058dad4f14d1c883e71fa

  • SHA1

    a8fd21851c66f01fb3f287f510faf102b5bb93b5

  • SHA256

    70666015656b481f8b32b6167bc9b0b1b947bc7619f8a5b3e699f8c9cd15c072

  • SHA512

    9867d06f39c53fa9bd6f939a5dcf81565359d41434bfdfddcea9c48fa58a5f7dde8a9e7c68095433724800f69171a4b96f3ad678538bd329e1e44bcd1f18831c

  • SSDEEP

    49152:J1fSd2/5JlY513CaZEs3dlAVV9wJ1ayMvOWDBAwW7Ju4joae:J1usJlY5RCaEV9wJ1UBHW7Jnjo/

Score
7/10
upx

Targets

    • Target

      Engines/HForbid/pbrain-HForbid.exe

    • Size

      396KB

    • MD5

      5c8119f1412d4da8a354b5e0ec3bcf8f

    • SHA1

      c3b0ab0eb64824054486fbdd9eb3c809ff8d84fb

    • SHA256

      81a5237826f26b978988f54d5bb583155332aa0fbc1c7aaba5bf95bb72e5205d

    • SHA512

      5bbe33d71cdf4fdebec986f274545a1f8a0588093ac1f6e8c871f6f1959e8775d29725cd4582d19548435e0d6650ecdb3f000dd23323e1baae505d8408e04c7c

    • SSDEEP

      3072:eBuWd8V4jkkE7RSgUeB5dCDmeB5dCDseB5dCDgl:Ed8aglSgUW5dCCW5dCAW5dC

    Score
    1/10
    • Target

      Engines/HGarden/pbrain-HGarden.EXE

    • Size

      428KB

    • MD5

      591e4ed091e036ea476d28cf941d855c

    • SHA1

      4b7fa86b527a4fd276c6af0e4f709a888d155adc

    • SHA256

      9ef8f4820987731e645f7042d12f584375e9abb123f06e627f00d13ce405aed1

    • SHA512

      814ae6dff6f5ce786ce87cb6cb607f1263ccf3f86ee89e24304daf2528c31b87d7537607add9434114f6d2dbec84c63d9bebd802baf050420ee8e40d51d49ad0

    • SSDEEP

      3072:U9I0cNZB3TEK6nTgo7dkDeB5dCDbeB5dCDseB5dCDkjJtGzA:U9I0cNXj1oJdkDW5dC3W5dCAW5dCcqM

    Score
    1/10
    • Target

      Engines/Tito2010/pbrain-Tito2010.exe

    • Size

      50KB

    • MD5

      1e36988a72cb766762d5bbfda7843e4d

    • SHA1

      dcc0213f581ead4cd53c47d76e87b9e8660d9c6f

    • SHA256

      5c6d5bac89ce36fc1d1c57738895c82d5f26054a001a474efe4eee0c0406d684

    • SHA512

      4eaba17b36a0cf88f360bf7a33090fe7a17065f6294d5649343a410a12f480efb0905f2c0a5408257f5a26d8078c05a1052288c2f72fcd4a63548d7f248e6fd1

    • SSDEEP

      1536:QYYaj8rozNzpt/lCncxO/sxhHtC6ACMSm0:dwUzNP/6cxOuHta590

    Score
    1/10
    • Target

      Engines/Yixin2012/pbrain-Yixin2012.exe

    • Size

      977KB

    • MD5

      5c1498f30ac5a86092f1a041ba8d4173

    • SHA1

      a7c20b428956bbace54c1502ee2ff93eabc8e793

    • SHA256

      54c4bdcbb95566d5fd26416170511bee82cc41ca44b27bbdc00deaae8f58c86f

    • SHA512

      1f65f765a917134b6c92ef268bac117a236e75ad0328f530f3e676a3aab96b35c8e715bfc69fc3144a765b94fbf70d55a6865c27d495bd7b618e21af64e5c82c

    • SSDEEP

      24576:xqzczzavQgRkCIYUfNRYlIji2YJpD0Jemo0LSZn1V:xqovIBRkGlRXmo0u

    Score
    7/10
    • Checks BIOS information in registry

      BIOS information (for example the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments and virtual machines, whose vendor strings tend to appear in those values.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class stops debug events from the calling thread being delivered to an attached debugger, a common anti-analysis technique.

    • Target

      Engines/hewer12/pbrain-hewer12.exe

    • Size

      275KB

    • MD5

      d234725d371c7802b1d7351ba3d0f2fb

    • SHA1

      4065e2aae12555873252870f3203d459f420d53d

    • SHA256

      ae6964c0bcb82cf461710a3248f0f5c9dbcd00f56ff3aecbd15f5b94d1fff660

    • SHA512

      a41f4103eac130ad4d58d4c423c4baae1e2ccb4c03d148d16c1dcc33c71ba1d479f0bfe6496170e9f5df0c5f9eff3316182db22423c9a500bab6d0209a12f48f

    • SSDEEP

      6144:aHL4Js0x82wqHY3bh+dsS/pH4XAAOyw2:w4Fqo43tFS/pH4Q

    Score
    1/10
    • Target

      Engines/lzzjz.exe

    • Size

      626KB

    • MD5

      e1f6ace332fc0376a9e2cbbd7c9d6a90

    • SHA1

      24dc007d1483cc79c66f337db02d91e3b62f32ef

    • SHA256

      f623a6716473d850a3364065278720f20ede19277332356a275919c632f17431

    • SHA512

      268d168397b2129c4cccc27cbadc155d685bf57db90bcf53f0347a4d90d154a36feb0aea797fee43fc8dc8c78845ddc5d0fb7e46b77b81f22bf52c8697e5a2ba

    • SSDEEP

      6144:LiMnrVNSoUJj65VFh0ICD32LPDZ9oLRHLichJTPRoRbcXU5HUmUGlaXZxZZBvGXo:PrvS8tR66sBtR66

    Score
    7/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. Packing with UPX is also common in legitimate software, so on its own this is a weak indicator; the static hashes and ssdeep values above describe the packed file, not the unpacked image.

    • Target

      Engines/piskvork/pbrain-pela.exe

    • Size

      10KB

    • MD5

      adb5ab2912418541ce02f6755f0f62c9

    • SHA1

      79ef8f0407b39ea4b0b096214f457bf0ab5d614e

    • SHA256

      42f1d9ba97c65d6d1ef2161de6f1b87865fa73247105f3f63e2f3b1f08edcdc8

    • SHA512

      8a46cfe54433c3dfc4aec59cb79c3cfcbb32da1db7b2e643aa0098547c53c65a20b1a65b339f6618acc23b14b3a25918ec5453ca37f58f9c54af6a48e155ca1d

    • SSDEEP

      192:6o8IAzztbnhn/QOjvtk6wB62tyiMxz6wpuK4ltb/DTrFxvv44o4KAyL:LYzzBnhnYOe6Jlx2wpvQNTn4Vn

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Engines/renjusolver/pbrain-RenjuSolver.exe

    • Size

      129KB

    • MD5

      ac281f90ca456a98e19d1fce3260f3d6

    • SHA1

      9ead8e554f87f44c43614f5f8f5677adfdd6e922

    • SHA256

      9f063b3712cc55f60d1df83b7e18de80c65dcd3205cb941955a75a88c468a068

    • SHA512

      600b989fb9e4164a39e463ff6fb742f5835a03ef37986ebbf3492c711993b7bda114c3e2a79b6f8d258b4413ef4bd6ba406f3fc0feffcb46f0f296143bfccc70

    • SSDEEP

      3072:Tf64nMCJhQzsg+MlS3fJteaUZqaz0GV99wHA776q6X0:20MCTTg+ES3fJteaPazVV9+Vq6X0

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Engines/yixin2013(A)/pbrain-Yixin13A.exe

    • Size

      947KB

    • MD5

      104743ea5bd27b4d75baf0f1aba957a7

    • SHA1

      a9ce02687063759feac66bdb0d108bba003c2551

    • SHA256

      1acb1464daa2f12efcebb3ad46c32de127c81c4bfda0a7fc6542bc366c3640cf

    • SHA512

      b6362f49a32bd282dfd0350f39638cc6577b474e1f36998c7ff85f45d9bd86375bfed1b200c06465ad815607d2e61ed09c9d0300cc40f1f2c518b3f170188853

    • SSDEEP

      24576:+0kwlKh06SLX5O1QlRTR/faoQBCfGuJ8zELJd+ZAmcVNP66sXhY:MSLX/lHLQAfGuJ8zELJ0Z6VNP66si

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Engines/yixin2013(B)/pbrain-Yixin13B.exe

    • Size

      967KB

    • MD5

      62b536e5d30582a0ebf3c71818ae1402

    • SHA1

      670be14139d8458118b97bcd340fb3b9ffae2a92

    • SHA256

      9e4c370339142dfc0111295299258fa3ec51ff83d11f927468b2fedfe4699dc8

    • SHA512

      7fb10352560eebfa4637baf6c892c298c0db1adbdcfad4a3e07236b833f03e65eed6a893a07645c5080f455ba56ece3ffddd481a75990f2e9cf9ef70bfed2952

    • SSDEEP

      24576:LMqeh6yINYfprER6vp1114vh1MHa2HnJjvCV8xThAFlz5Nsq6:I7SIakvp10v72HnJjvCV8RhAFlz5qq6

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      嘻嘻五子棋辅助.exe (Xixi Gomoku helper)

    • Size

      44KB

    • MD5

      48c0440089848bfc667c3f83573c9524

    • SHA1

      d8490bf3911c0023e07a473db3bcf7a79716e291

    • SHA256

      1e3c61027862eec3bdfbfd25458c8c40cd9803203813d6c42c55c86170804a3a

    • SHA512

      5fad30bf0e4e2b74e68bda5ce979ac361c6ec23075eb8f79c88b9e9ddfd1c2d7bb33e9842f26eab8e6e392b65880f876e48f1d1773f03d97c9cb6220590ad06d

    • SSDEEP

      768:tN5b9z9b/irfBYvdrxc7dzpFKRwoucfKUQIDJKbpLAj2VXPomP:X5xzd/YfBWxc7b+Rub7sJKNLAyVXbP

    Score
    6/10
    • Program crash

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      更多软件下载.url (More software downloads)

    • Size

      204B

    • MD5

      94e540428ac8f3545fec78c2b3dd8c0e

    • SHA1

      cd46c366b68af03fc8fa4fa097f9815d43e4c2e8

    • SHA256

      357214eb50712a5c8663ef263c458cb4ebbbc27e64d73ab5e32c82f60a7b80c8

    • SHA512

      3c7876c3a18e1ba98329392ac1b940c479552b361386ce3776622ae557e4d3d8cee045d162a614a302a603cb4615024258703e0652f41541e043fcf7ecdff539

    Score
    1/10
    • Target

      飘荡软件.url (Piaodang Software)

    • Size

      328B

    • MD5

      e97aad722245bfc4a60be0e6f453be6f

    • SHA1

      c7b7c9585109f71526ed65616668ef7573841d9a

    • SHA256

      3f6b8de5ca595a2e7371396fcb22b303e0f664733aabc940657c33324d5f269a

    • SHA512

      f151b723079fc09ac4b44c540b278b8c273f3958d5b661a6b30e31b119dca6d017ab0f987c52c60cc46e917ef9626e943971017d8e1dfe11c4cf27b93a2c772a

    Score
    1/10

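The three behaviours flagged across the targets above (UPX section names, reads of the BIOS values in the registry, and the NtSetInformationThread anti-debugging API) can be screened for statically before a file is detonated. The following Python is an added example, not Triage's signature logic and not code from any of the samples; the indicator lists, the `build_sample_pe` helper and the sample bytes it produces are constructed assumptions for illustration.

```python
"""Static pre-detonation triage for the signatures in the report above.

Added example. Assumptions: the indicator lists are illustrative, the PE
builder produces non-runnable test images, and string hits only indicate
that an indicator is present, not that the matching API was called.
"""
import hashlib
import struct

# Section names UPX writes by default; modified UPX builds may rename them,
# which is why the "UPX!" header magic is checked as well.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# Registry value names under HKLM\HARDWARE\DESCRIPTION\System that sandbox
# checks commonly read for hypervisor vendor strings.
BIOS_VALUES = (b"SystemBiosVersion", b"VideoBiosVersion", b"SystemBiosDate")
# Native API used with ThreadHideFromDebugger to hide a thread from a debugger.
ANTIDEBUG_API = b"NtSetInformationThread"


def parse_sections(data: bytes) -> list:
    """Return the section names of a PE image; raise ValueError on bad headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size             # IMAGE_SECTION_HEADER array
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i:table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def triage(data: bytes) -> dict:
    """Flag the report's three indicators and hash the file for matching."""
    names = parse_sections(data)
    upx = any(n in UPX_SECTION_NAMES for n in names) or b"UPX!" in data
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sections": [n.decode(errors="replace") for n in names],
        "upx_packed": upx,
        # String checks only see the unpacked image; on a packed file they
        # will usually miss, so unpack (e.g. upx -d) before trusting a miss.
        "bios_registry_strings": [v.decode() for v in BIOS_VALUES if v in data],
        "hide_from_debugger_api": ANTIDEBUG_API in data,
    }


def build_sample_pe(section_names, payload: bytes) -> bytes:
    """Construct a minimal PE32 with the given sections (constructed input only)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)    # e_lfanew -> PE header at 0x40
    opt = bytes(224)                         # PE32 optional header, zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       len(opt), 0x102)
    secs = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + secs + payload


if __name__ == "__main__":
    packed = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"],
                             b"UPX!\0\0NtSetInformationThread\0")
    print(triage(packed))
    clean = build_sample_pe([b".text", b".data"], b"SystemBiosVersion\0")
    print(triage(clean))
```

`triage()` returns a dictionary rather than printing so the result can be matched against the hashes listed in this report or fed into a queue; a hit on `hide_from_debugger_api` only shows the import string is present, and confirming the ThreadHideFromDebugger class (0x11) needs the dynamic trace the sandbox already provides.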
MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            Technique                      #   ID
  Defense Evasion   Modify Registry                1   T1112
  Discovery         Query Registry                 2   T1012
  Discovery         System Information Discovery   3   T1082