Overview

overview

7

Static

static

3

Z_Admin1.05/Help.chm

windows7-x64

1

Z_Admin1.05/Help.chm

windows10-2004-x64

1

Z_Admin1.0...in.exe

windows7-x64

7

Z_Admin1.0...in.exe

windows10-2004-x64

3

Z_Admin1.0...��.url

windows7-x64

1

Z_Admin1.0...��.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    42b55fc91312b9502a4da81092603299_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240713-wcl8hsshqb

  • MD5

    42b55fc91312b9502a4da81092603299

  • SHA1

    269c2da33db3523c9f94bdd910befd880ad05279

  • SHA256

    ac645fa7e24f32f31802d6d7f199757222447afc43e70968d7a67dae23c2f2b4

  • SHA512

    2bf4bb379a8c3513c5cb2cf750c289fddddcd54758ff61b4c0e0e677e001d25cbfecd2f9c83cc11fb67b393fe221c1e0b9c6c992db37a709ba0978b8b81f5375

  • SSDEEP

    98304:2z0cB52ZFrvQrYBec2LPbQZ8W9zt/4YKmGy5jqp8tQbadcSoBOzpC0korV3I:SrrUrRtAkWyiYdGOqFFH0pd/J3I

Score
7/10
evasion

Malware Config

Targets

    • Target

      Z_Admin1.05/Help.chm

    • Size

      211KB

    • MD5

      c0fa7947cdd83bad73ecce4890ed1fc4

    • SHA1

      bff381cd126b3a048ea51ea12bea2c5f46689c27

    • SHA256

      2e305ccdfa8326a0350978f8387691fbfe88978e80f5b00db8de068564e139cc

    • SHA512

      7106e6962748f879f89db5ff2f9621980c6c932addaf0f35a84254535261bfce6d398011402e49a6c16be494a4c91022a389f3c1a6efb368ea97a2dc9d0fc722

    • SSDEEP

      3072:L/jGNaeVph4upt4yRKzBkmWXQNvAtYtzKlEf0ng08eAGLBm4vvi+A6wuzrxN6:Lr6a0ph4O2Kmm8vmYwlLXUGHvvHkuz+

    Score
    1/10
    behavioral1behavioral2

    • Target

      Z_Admin1.05/Z_Admin.exe

    • Size

      1.5MB

    • MD5

      25909fa8e7e19fac319c2f2db1406ae6

    • SHA1

      2d9754e96be7a9492d2dcd3407ea7ee3dbc03cc2

    • SHA256

      3a9cd9a922bbd4e4b0d81bb115c87daeee3f8c63f10d5879403a520f413f2dcc

    • SHA512

      2c43439c5efbf4d5e7421b724c041d7d8335cbf0be9b3912960122bc9c7fd7972d6568c24c17d575ae0f0017f7101ee436bc70ee2d4ebbbeb65e15fc30f73d8b

    • SSDEEP

      49152:Fxb3ts/zKrIG6V44z1aNgkPe/92ATEMUI:5gKUd1aNxanU

    Score
    7/10
    evasion

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      Z_Admin1.05/新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks