320c2bf617ca46f8b48ac1ed5e2e3edf11b89c6c3b9429bbc630a47ad65c73ca

Sharing

Copy URL

Twitter E-mail

General

Target

320c2bf617ca46f8b48ac1ed5e2e3edf11b89c6c3b9429bbc630a47ad65c73ca
Size

3.2MB
Sample

240705-tjqheatema
MD5

15b15cd4038bff493586eed699456216
SHA1

bb68bc0b7c0381cd82f2e563dc1a000ebd65bbb4
SHA256

320c2bf617ca46f8b48ac1ed5e2e3edf11b89c6c3b9429bbc630a47ad65c73ca
SHA512

e284cd5db21034d184b0e7e1e753b6b18033fbc787e079b1db8664a53dd2fa5d51842f9cc028dc49c1fc493696a579c52b147d10a34db16889b74adf0f06c602
SSDEEP

98304:3Vxmyi9810EpbBqplqYxPjdzQbEk021nYeJ/VbIp:3riobsJxPjOz0lsUp

Score

6^/10

Malware Config

Targets

- Target
  
  winhex19来自百度/Chinese.dat
- Size
  
  21KB
- MD5
  
  833ab5b37febb906dbfa095b8793d46e
- SHA1
  
  7628d462af363c3714af98b6f9d88f40908304db
- SHA256
  
  bf96bcd2180b7d5f1c5c50d1f3d146160b8a1ad642c0049c8cf283ec5bf1a172
- SHA512
  
  07913534721c72619504f17b25ab441fa7ca527f67792edbd29186a75d130e7f611bf242d266736ae89fe798f0fb450bc3d5924e848d0921517450785778aada
- SSDEEP
  
  192:nqkhd5kGU7tofwjcWvYYadJNAxfCZTrlJbLE9JUUcGTqEwu5uBSaoV/xNKMlrk+:JdadtlzvYYadJsUJ3aJUUcGTKjMrNrk
Score

1^/10
behavioral1 behavioral2
- Target
  
  winhex19来自百度/Dokan.exe
- Size
  
  658KB
- MD5
  
  b2e209833057cc4780209a6002c45d12
- SHA1
  
  8ce9986d09e446ac9781de6de39d8cff765d8f98
- SHA256
  
  3d676ce6e3a12c14f275b03f64d73d49463a0ff946a5f661b603559025e71a84
- SHA512
  
  d39222d0136f27cf01b14cc147eb149e266e55f8bc265fd15b158d785bc246f02be3a0156c79ceb96ee5d2142cb2c85ed6bdc563633cbdb142c60fc90fc97288
- SSDEEP
  
  12288:zgFlvmqVx1SCW6rER4afkJPAPO1Bet3+xii6hD+ueolM:cbwCEyLJKOmeFO6ue0M
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  883eff06ac96966270731e4e22817e11
- SHA1
  
  523c87c98236cbc04430e87ec19b977595092ac8
- SHA256
  
  44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82
- SHA512
  
  60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390
- SSDEEP
  
  96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PROGRAMFILES/Dokan/DokanLibrary/README.url
- Size
  
  147B
- MD5
  
  d73e2ea707a98bce24b1970c91d82f6c
- SHA1
  
  958c538cbf96d06dd81f014fe4ac0c90137c5d40
- SHA256
  
  64bdc2e022158e93eefb2f1473f419ae9f135bc193a846300d95be39a0a4237d
- SHA512
  
  0201be70496c4961219b5063c95461dba01e03961e1aa3170518de615c1337551c2fc78b3e957817e534d431e0c71781492967688b3ee95ab3ab664f6ee9a658
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  $PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe
- Size
  
  19KB
- MD5
  
  e40b0a2f59f793740329ed22d3b541f7
- SHA1
  
  2bc325c247e35040841f6f5eb0cdc965a026c947
- SHA256
  
  83b3bdeb96229130d83b7b813a73cb88e08f347e3488ec8b9fa09be135e5e590
- SHA512
  
  846d2023862ff8e49506223d9016c56fce9931a5167ab85a89d7d59343837d00db20b0754b8880b4ff634b1a86a7ca24ce8fe5cfbcecff51183c481fdcbced96
- SSDEEP
  
  192:fzbL1R1TGInfuQyPZdSb+xfILyIfIQXJfHCAtAO8cwEBnYe+PjPDHDJVg2bjymzt:fb1HUm+CZfICJHLtgcw4nYPLDHxF60/
Score

1^/10
behavioral10 behavioral9
- Target
  
  $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.h
- Size
  
  6KB
- MD5
  
  ac9b04dcb1bf826e1fd0b6428585ce99
- SHA1
  
  d98f35b0be9b47cbb20d40448724f50e877dcc75
- SHA256
  
  b69359de466ec783f7a0070c9ecc2930e0cf4ede5d729eb7f2a408afcfdf9f33
- SHA512
  
  9558037d7a82cb64decdf511f387315b8c71773217eaa7097b48bfbc16e245a877b7e24d6e64ddd2c3a0d3dcc7827a91c87e8cb7058d2c202cc2678fd7fd19a3
- SSDEEP
  
  96:wxWHb1jCneAKFIIlVSDhvKNWisAfav8TsumLEnyRbohH:LG3oDsyyoH
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.h
- Size
  
  7KB
- MD5
  
  aa66662107a23f3e24cfaa54bcd42eb5
- SHA1
  
  00b7983edf4188cf9b7d1b93a9fdc1f84e820bcb
- SHA256
  
  55174accdbc584dc5e2d875837f6debb57f6c3fd8e0c379b64396cdd48e45472
- SHA512
  
  b6eb422d1fc2c17e6ac5723462b9dd90b835b5931edb789922d0bc79b545d5b381f514bace5f6c86682d25f1af429237b53985039403a4926aabf55877456778
- SSDEEP
  
  192:b+QRIDI8NRdUgIrirNFwa3Q3nQMM1mII91XxVgl:yQSKGF5mnQahA
Score

1^/10
behavioral13 behavioral14
- Target
  
  $PROGRAMFILES/Dokan/DokanLibrary/mounter.exe
- Size
  
  22KB
- MD5
  
  6569d05c382977bca5644385b464b611
- SHA1
  
  e2e7be33f3ef79c010dbbf57cc2a6a4e9fc63d23
- SHA256
  
  7e999ffd64d21810b7eb7725188b0023fba19753875ae6b0c27f0d5d9d9e4503
- SHA512
  
  2b38a5ff0c494bdbd68f074070d480ec6902df84bc912cfd6c064a87ed0bd5f6dd1667f14347732f19b326e1179206698a925df40a2a76eeffad0da79292131b
- SSDEEP
  
  384:EBu+IqJyYVFKu4WTntWDiIEHTuAgbOPTn2fVQ8kDhJh3EWqnYPLDHxF6O:Eg+TwYPNWi7Ht3EPGmO
Score

1^/10
behavioral15 behavioral16
- Target
  
  $PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe
- Size
  
  33KB
- MD5
  
  6acbc945f2d080370369e635b0dbf34e
- SHA1
  
  94ced85b00dd5c35b8c0089f8f55168fb9236856
- SHA256
  
  9fb18147d2d0fbe0ca4380b046ec4c8b4e9c768563496f55af3f7ab030e11b08
- SHA512
  
  cf0b7d7ce7ccd21165e64eef7dac607870fbf9a9ca77789befb81b19554c6a8715f3941cede865427a92208db14fbed8eda6bfa826cb73024c73b2e52bc76793
- SSDEEP
  
  384:tzTNGajG5cxPcazjBb7IRRFg0yk/+pK7lq9pehABt7OCnYPLDHxF6A:tzJj1xEaeRF2kAxP1tCCGmA
Score

1^/10
behavioral17 behavioral18
- Target
  
  $PROGRAMFILES64/Dokan/DokanLibrary/README.url
- Size
  
  147B
- MD5
  
  d73e2ea707a98bce24b1970c91d82f6c
- SHA1
  
  958c538cbf96d06dd81f014fe4ac0c90137c5d40
- SHA256
  
  64bdc2e022158e93eefb2f1473f419ae9f135bc193a846300d95be39a0a4237d
- SHA512
  
  0201be70496c4961219b5063c95461dba01e03961e1aa3170518de615c1337551c2fc78b3e957817e534d431e0c71781492967688b3ee95ab3ab664f6ee9a658
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral19 behavioral20
- Target
  
  $PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe
- Size
  
  19KB
- MD5
  
  217420512a7ead98b0af328f6bfd2e24
- SHA1
  
  7a46e505dd933d93de7e3cc16b1f8f7bb01a15cf
- SHA256
  
  4b3584794ffc6e947b54c8c296405f400b0325f5419d978164625b29c783ccec
- SHA512
  
  7f4ed1fe023cc4a65a45ef635c26707ea545be7cf51b6ed5274c5101cdf7274ecd750860a5a5f02b27a959117cc38048763f0057d9da4940d616c52c1df9ab79
- SSDEEP
  
  384:HHQq/E4Q/sWh1dN+Ctu/ICBHD1nYPLDHxF6I5L:HTLLadoCU/ZZZGmI5L
Score

1^/10
behavioral21 behavioral22
- Target
  
  $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.h
- Size
  
  6KB
- MD5
  
  ac9b04dcb1bf826e1fd0b6428585ce99
- SHA1
  
  d98f35b0be9b47cbb20d40448724f50e877dcc75
- SHA256
  
  b69359de466ec783f7a0070c9ecc2930e0cf4ede5d729eb7f2a408afcfdf9f33
- SHA512
  
  9558037d7a82cb64decdf511f387315b8c71773217eaa7097b48bfbc16e245a877b7e24d6e64ddd2c3a0d3dcc7827a91c87e8cb7058d2c202cc2678fd7fd19a3
- SSDEEP
  
  96:wxWHb1jCneAKFIIlVSDhvKNWisAfav8TsumLEnyRbohH:LG3oDsyyoH
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.h
- Size
  
  7KB
- MD5
  
  aa66662107a23f3e24cfaa54bcd42eb5
- SHA1
  
  00b7983edf4188cf9b7d1b93a9fdc1f84e820bcb
- SHA256
  
  55174accdbc584dc5e2d875837f6debb57f6c3fd8e0c379b64396cdd48e45472
- SHA512
  
  b6eb422d1fc2c17e6ac5723462b9dd90b835b5931edb789922d0bc79b545d5b381f514bace5f6c86682d25f1af429237b53985039403a4926aabf55877456778
- SSDEEP
  
  192:b+QRIDI8NRdUgIrirNFwa3Q3nQMM1mII91XxVgl:yQSKGF5mnQahA
Score

1^/10
behavioral25 behavioral26
- Target
  
  $PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe
- Size
  
  24KB
- MD5
  
  166428c4def3b4b3db206770011b044f
- SHA1
  
  e37de4a30f6aac82d3294a43646e20619b94eb18
- SHA256
  
  7bb5e6094d27be2ecd2c5f9d3990cb81eb02a26314388e546a60918686fd91a9
- SHA512
  
  e45368344a68698ff4efa9ab4f9bcf6b8099825c96c57e6af37afbfe7e2ac699af8e399f3dfb08d9c66afd501efe8f4e87cbffb42660c3e609825af3a81022f3
- SSDEEP
  
  384:9N4SJ1SIyN1tzzI1UJpRsGgAbuP0gncNfVA8UEHUHCunYPLDHxF6BH:9SNzdzQUuHCuGm1
Score

1^/10
behavioral27 behavioral28
- Target
  
  $PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe
- Size
  
  34KB
- MD5
  
  d2558426e6a7dcfcfdc070972e761175
- SHA1
  
  cec9616ce32b4ae0f683dcee3a5e1ae75edda2bf
- SHA256
  
  37e0aa7808e82ca01ef3eb9e937e5976ccc75503af6b70e42edf437673c97568
- SHA512
  
  3636b9731d5a5806378aa41055b7b4639cea3ca04d5b06cfa92050a25790612588901415cdeffb345c3a7953e3221e1647656782a6d068ea0528d4cfafdc45ab
- SSDEEP
  
  384:5BoJShlcKiBtUqaCg8gWmiDe5Tno8Ermb7oxRlA0ykf+DoolK+5pTdLK63/nYPLM:5BcShlmBtdiPtodRlWkg7Q6PGm3
Score

1^/10
behavioral29 behavioral30
- Target
  
  $SYSDIR/dokan.dll
- Size
  
  37KB
- MD5
  
  aabd2e7fb2fd1036fd1ba8f1c5d1386b
- SHA1
  
  7e00b00237fd7784a75ff9dfcc24c56d0d801e4f
- SHA256
  
  a72a2544d8ab64094dddc759d26300581e03ae6b736ee0bfba67171e1cb6d148
- SHA512
  
  26e70bfbb590922f5d761215af3522eddc29425ea33637ea1deeda7cb89db412bc0e1ed4eb1aaca89462962829226582fec13e40affddae74a1af0797d7d4992
- SSDEEP
  
  768:JJuJRvI2ALAGUg00j0M6mYLnYqYyKMeEtMqGmx4:JJuJ1PAL10M6LYqYKeIgx
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32