36b34079854256865591ac9e70a2da55b4b01e806a70d71cc6faf364c7b4cf8e | Triage

Submit
Reports

Overview

overview

7

Static

static

7

Baidukongj...ng.exe

windows7-x64

7

Baidukongj...ng.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Sharing

General

Target

2c3eed0ee43fa58ada981f463c968241_JaffaCakes118
Size

1.3MB
Sample

240708-n25gdszepe
MD5

2c3eed0ee43fa58ada981f463c968241
SHA1

02f6243c55e80326319b236f079e3de5e4e014c3
SHA256

36b34079854256865591ac9e70a2da55b4b01e806a70d71cc6faf364c7b4cf8e
SHA512

7f7f411f749bca1ee24adf989c3a411d57d9baa5c106b6a1da49ec2bfa241589a86c0d3c313eaa6d2c1741b27c093eb3d878120d8d29f862b4a0d830a851dddc
SSDEEP

24576:YsWoWcyF83yR4yso255qMFTgmyiPqyH6GQMk/SErvx55c3+AIr6B/CwoZ:ReHFDR4YO5qvSPrH6GISEd5OulV

Score

7^/10

bootkit persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Baidukongjianrenqiwang.exe

Resource

win7-20240705-en

bootkit persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Baidukongjianrenqiwang.exe

Resource

win10v2004-20240704-en

bootkit persistence upx

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

新云软件.url

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

新云软件.url

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  Baidukongjianrenqiwang.exe
- Size
  
  1.3MB
- MD5
  
  a08c45488228c75a96d9b3c100481b25
- SHA1
  
  a1ea78b322598a51e5ae4f72bccdf19c12789560
- SHA256
  
  1d6a1d75a9e3293547d6976da5dc07bdd9c529b50635221e02433ffda9ccbb0b
- SHA512
  
  83577d8bd3f07d41c0e4a825bb28aedf4b76fbcc13924341b9df9e571a071348584178b091bd86d8e88e1c423aa15bcb07f06139a33ac5e141c89d5ed32dee19
- SSDEEP
  
  24576:V7uuFdWw/VMXG5OPVi0oIKKEJDaXteZpMXfln/j6mNM9KKk9dXLk:Nuuz+XGoPVu3KEdz4vN+Kf3
Score

7^/10

bootkit persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistenceupx

behavioral2

bootkitpersistenceupx

behavioral3

behavioral4

© 2018-2025

Terms | Privacy