Overview

Tasks and scores
- Overall score: 8/10
- Static: 3/10
- doudou_BL_...ai.exe, windows7-x64: 7/10
- doudou_BL_...ai.exe, windows10-2004-x64: 7/10
- $PLUGINSDI...up.exe, windows7-x64: 8/10
- $PLUGINSDI...up.exe, windows10-2004-x64: 8/10
- $PLUGINSDI...sW.dll, windows7-x64: 3/10
- $PLUGINSDI...sW.dll, windows10-2004-x64: 3/10
- $PLUGINSDI...86.exe, windows7-x64: 7/10
- $PLUGINSDI...86.exe, windows10-2004-x64: 7/10

General
- Target: doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe
- Size: 100.4MB
- Sample: 240806-wg1xgawajq
- MD5: cd7120f0525e25a7f468ba659c2f09ec
- SHA1: 794dac92693ebdecb09aee22c92cc1022d6e089e
- SHA256: 73ce1277ab8bd148f5c40e121c1fd7710acb1443e074c0f926b871c36f0f35bc
- SHA512: 3d6e0eb2edc54697e9bae03ddde0b49393ae21ad358a01732d15d1057f65e50d6c1c08748c2a6e586df34613eb1a4db3605dc651c39792502b49252e4837aaed
- SSDEEP: 3145728:7jtmK+4P8V7Hfi+pu/NazL2AkrMJ/OBLaCq1b3/:AK+HV7/i+aa3NCe/
Static task
- static1

Behavioral tasks
- behavioral1: doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe, resource win7-20240708-en
- behavioral2: doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe, resource win10v2004-20240802-en
- behavioral3: $PLUGINSDIR/MicrosoftEdgeWebview2Setup.exe, resource win7-20240704-en
- behavioral4: $PLUGINSDIR/MicrosoftEdgeWebview2Setup.exe, resource win10v2004-20240802-en
- behavioral5: $PLUGINSDIR/nsProcessW.dll, resource win7-20240708-en
- behavioral6: $PLUGINSDIR/nsProcessW.dll, resource win10v2004-20240802-en
- behavioral7: $PLUGINSDIR/windowsdesktop-runtime-7.0.11-win-x86.exe, resource win7-20240704-en
- behavioral8: $PLUGINSDIR/windowsdesktop-runtime-7.0.11-win-x86.exe, resource win10v2004-20240802-en
Malware Config
Targets

Target: doudou_BL_OPENAZ_3_&W66b2626200003b0bW&ai.exe
- Size: 100.4MB
- MD5: cd7120f0525e25a7f468ba659c2f09ec
- SHA1: 794dac92693ebdecb09aee22c92cc1022d6e089e
- SHA256: 73ce1277ab8bd148f5c40e121c1fd7710acb1443e074c0f926b871c36f0f35bc
- SHA512: 3d6e0eb2edc54697e9bae03ddde0b49393ae21ad358a01732d15d1057f65e50d6c1c08748c2a6e586df34613eb1a4db3605dc651c39792502b49252e4837aaed
- SSDEEP: 3145728:7jtmK+4P8V7Hfi+pu/NazL2AkrMJ/OBLaCq1b3/:AK+HV7/i+aa3NCe/
- Score: 7/10
- Signatures:
  - Loads dropped DLL

Target: $PLUGINSDIR/MicrosoftEdgeWebview2Setup.exe
- Size: 1.5MB
- MD5: 8b3b487e9dfd2852b5c8634b418e7c7e
- SHA1: 45ff4beb4125aed9fef91e88c03e93b8853ddeb8
- SHA256: 61ab4d9e17954ad9885736ccd19a9a7e809105074b59d12ab78f4eefbe5d9581
- SHA512: 2c041aeb5decf51134afbbf5583ed4a23d92ff5a7bcc35450a07f123b9950a57646522a5dcb34089e118ee353ecd1041e0eb020e55f9b9f8e67bb35cf519295d
- SSDEEP: 24576:3wy53G70SeiN9YqxCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzU:Ay53w24gQu3TPZ2psFkiSqwoz
- Score: 8/10
- Signatures:
  - Downloads MZ/PE file
  - Event Triggered Execution: Image File Execution Options Injection
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Checks system information in the registry: system information is often read in order to detect sandbox environments.
  - Drops file in System32 directory

Target: $PLUGINSDIR/nsProcessW.dll
- Size: 4KB
- MD5: f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1: b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256: 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512: f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP: 48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
- Score: 3/10
- Signatures: none

Target: $PLUGINSDIR/windowsdesktop-runtime-7.0.11-win-x86.exe
- Size: 50.6MB
- MD5: 7971543116eca5be24d8c68c87e578c6
- SHA1: 7494d16f34b5f7ed1388038818817732fa7b8204
- SHA256: 9e3802fa0578282a65d8df72ba0308660fe80a67dd023e02e94dc2d3c11834e5
- SHA512: b7583409ea718d60ac81e8d28ab7511850d0b43e9bb9ea8488dd473b1ca904afe99d1ab298b1c5ab5271d8584baed65653196d3caf0ad9737e70f2eccbb9be4c
- SSDEEP: 1572864:X0O4UtPJkn3tgKnhGV/38V7Hf56BzAjpu/NlIu0TP:XjtmK+4P8V7Hfi+pu/NazL
- Score: 7/10
- Signatures:
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
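The SSDEEP values in this report can be compared without the samples in hand. The runtime's second chunk string (the one at block size 3145728) is, apart from its first character, identical to the opening of the installer's first chunk string at that same block size, which is consistent with the 50.6MB runtime making up half of the 100.4MB installer's bytes ($PLUGINSDIR is the directory an NSIS installer extracts its plug-ins to, and nsProcessW.dll is the Unicode build of the NSIS nsProcess plug-in). The block below is an added example, not part of the report and not the ssdeep library itself: a from-scratch Python reimplementation of ssdeep's comparison (block sizes must be equal or differ by exactly a factor of two, the chunk strings must share a 7-character substring, and the score is a scaled weighted edit distance), run over the four signatures listed above. It also shows the limit of the technique: the 1.5MB WebView2 bootstrapper's block size (24576) and the 4KB plug-in's (48) are too far from the installer's, so the comparison returns 0 for those pairs regardless of content.

```python
"""ssdeep-style fuzzy-hash comparison, reimplemented from the published algorithm
(block-size check, 7-character common-substring gate, weighted edit distance).
Added example; this is not the ssdeep library."""

SPAMSUM_LENGTH = 64  # maximum length of a chunk string
ROLLING_WINDOW = 7   # chunk strings must share a substring this long to score at all
MIN_BLOCKSIZE = 3

# SSDEEP values as listed in the report above.
PARENT_SSDEEP = "3145728:7jtmK+4P8V7Hfi+pu/NazL2AkrMJ/OBLaCq1b3/:AK+HV7/i+aa3NCe/"
RUNTIME_SSDEEP = "1572864:X0O4UtPJkn3tgKnhGV/38V7Hf56BzAjpu/NlIu0TP:XjtmK+4P8V7Hfi+pu/NazL"
WEBVIEW2_SSDEEP = "24576:3wy53G70SeiN9YqxCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzU:Ay53w24gQu3TPZ2psFkiSqwoz"
NSPROCESS_SSDEEP = "48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj"


def _squeeze(s: str) -> str:
    """Collapse runs of more than three identical characters to three, as ssdeep
    does before comparing (long runs carry little information)."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def parse_signature(sig: str):
    """Split 'blocksize:chunk1:chunk2[,filename]' into (blocksize, chunk1, chunk2)."""
    bs, c1, c2 = sig.split(",", 1)[0].split(":", 2)
    return int(bs), _squeeze(c1), _squeeze(c2)


def _has_common_substring(a: str, b: str) -> bool:
    """ssdeep refuses to score two chunk strings with no 7-character substring in common."""
    return any(a[i:i + ROLLING_WINDOW] in b for i in range(len(a) - ROLLING_WINDOW + 1))


def _edit_distance(a: str, b: str) -> int:
    """Edit distance with insert=1, delete=1, replace=2 (ssdeep's weighting)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]


def _score_strings(a: str, b: str, block_size: int) -> int:
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b)
    score = (score * SPAMSUM_LENGTH) // (len(a) + len(b))  # normalise by combined length
    score = (100 * score) // SPAMSUM_LENGTH
    score = 100 - score
    # Very small block sizes cannot support high confidence; ssdeep caps them.
    if block_size < (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE // SPAMSUM_LENGTH:
        score = min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))
    return score


def compare(sig1: str, sig2: str) -> int:
    """Return a 0..100 similarity score for two ssdeep signatures."""
    bs1, a1, b1 = parse_signature(sig1)
    bs2, a2, b2 = parse_signature(sig2)
    if bs1 != bs2 and bs1 != 2 * bs2 and bs2 != 2 * bs1:
        return 0  # block sizes more than a factor of two apart: not comparable
    if bs1 == bs2:
        if a1 == a2 and b1 == b2:
            return 100
        return max(_score_strings(a1, a2, bs1), _score_strings(b1, b2, 2 * bs1))
    if bs1 == 2 * bs2:
        return _score_strings(a1, b2, bs1)  # sig1's chunk1 and sig2's chunk2 share block size bs1
    return _score_strings(b1, a2, bs2)


if __name__ == "__main__":
    pairs = {
        "installer vs runtime": (PARENT_SSDEEP, RUNTIME_SSDEEP),
        "installer vs WebView2 setup": (PARENT_SSDEEP, WEBVIEW2_SSDEEP),
        "installer vs nsProcessW.dll": (PARENT_SSDEEP, NSPROCESS_SSDEEP),
    }
    for name, (x, y) in pairs.items():
        print(f"{name}: {compare(x, y)}")
```

A non-zero score between the installer and the embedded runtime is expected here and is not evidence of anything malicious on its own; fuzzy hashes relate byte layouts, not intent. The zero for the other two pairs is a property of the block-size rule, not a statement that they are unrelated.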
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (T1546): 2
  - Component Object Model Hijacking (T1546.015): 1
  - Image File Execution Options Injection (T1546.012): 1
Privilege Escalation
- Event Triggered Execution (T1546): 2
  - Component Object Model Hijacking (T1546.015): 1
  - Image File Execution Options Injection (T1546.012): 1
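Both sub-techniques mapped above live in the registry, so the first thing to do with a registry export from the sandbox (or a .reg export from a suspected host) is to look for their specific shapes. For Image File Execution Options Injection that is an Image File Execution Options\<exe> key carrying a Debugger value, or a GlobalFlag with FLG_MONITOR_SILENT_PROCESS_EXIT (0x200) paired with a SilentProcessExit\<exe> key whose MonitorProcess names the payload. For Component Object Model Hijacking it is an HKCU\Software\Classes\CLSID\{...}\InprocServer32 (or LocalServer32) whose server path differs from the HKLM entry for the same CLSID, because for ordinary, non-elevated processes the per-user hive is consulted first when HKEY_CLASSES_ROOT is merged. The block below is an added example, not code from the report or from the sandbox: it parses a small constructed .reg export (the key names, GUIDs and file paths are made up for the illustration) and returns findings tagged with the ATT&CK IDs. The report itself does not list which keys were written, so this is a triage aid rather than a verdict on these samples.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed .reg export for illustration only; these keys, GUIDs and paths are
# not taken from the sandbox report.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Users\\Public\\upd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"GlobalFlag"=dword:00000200

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\sethc.exe]
"ReportingMode"=dword:00000001
"MonitorProcess"="C:\\Users\\Public\\mon.exe"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\shim.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\Windows\\System32\\legit.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{55555555-6666-7777-8888-999999999999}\InprocServer32]
@="C:\\Program Files\\Vendor\\vendor.dll"
"""

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + "\\"
SPE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit" + "\\"
FLG_MONITOR_SILENT_PROCESS_EXIT = 0x200
COM_SERVER = re.compile(
    r"^(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(InprocServer32|LocalServer32)$",
    re.IGNORECASE)
# Locations a standard user can write to; a COM server there is worth a second look.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\AppData|Users\\Public|ProgramData|Windows\\Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    technique: str  # ATT&CK sub-technique ID
    key: str
    detail: str


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a .reg export into {key_path: {value_name: value}}; the default value is stored as '@'.
    Handles REG_SZ ("..." with \\ and \" escapes) and dword:; other types are kept as raw text."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name_part, _, val_part = line.partition("=")
        name = "@" if name_part == "@" else name_part.strip('"')
        if val_part.startswith('"') and val_part.endswith('"'):
            value = val_part[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif val_part.lower().startswith("dword:"):
            value = int(val_part[6:], 16)
        else:
            value = val_part
        keys[current][name] = value
    return keys


def hunt_persistence(keys: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Flag IFEO Debugger / SilentProcessExit monitors (T1546.012) and per-user COM
    server registrations that shadow HKLM or point into user-writable paths (T1546.015)."""
    findings: List[Finding] = []
    lower = {k.lower(): v for k, v in keys.items()}  # registry paths are case-insensitive
    for key, values in keys.items():
        if key.lower().startswith(IFEO.lower()):
            exe = key[len(IFEO):]
            if "Debugger" in values:
                findings.append(Finding("T1546.012", key, f"IFEO Debugger for {exe} -> {values['Debugger']}"))
            flags = values.get("GlobalFlag", 0)
            if isinstance(flags, int) and flags & FLG_MONITOR_SILENT_PROCESS_EXIT:
                monitor = lower.get((SPE + exe).lower(), {}).get("MonitorProcess")
                if monitor:
                    findings.append(Finding("T1546.012", key, f"SilentProcessExit monitor for {exe} -> {monitor}"))
        m = COM_SERVER.match(key)
        if m and m.group(1).upper() == "HKEY_CURRENT_USER":
            server = str(values.get("@", ""))
            hklm_key = "HKEY_LOCAL_MACHINE" + key[len("HKEY_CURRENT_USER"):]
            hklm_server = str(lower.get(hklm_key.lower(), {}).get("@", ""))
            reasons = []
            if hklm_server and hklm_server.lower() != server.lower():
                reasons.append(f"shadows HKLM server {hklm_server}")
            if USER_WRITABLE.search(server):
                reasons.append("server in user-writable path")
            if reasons:
                findings.append(Finding("T1546.015", key, f"{m.group(2)} {m.group(3)} -> {server} ({'; '.join(reasons)})"))
    return findings


if __name__ == "__main__":
    for f in hunt_persistence(parse_reg(SAMPLE_REG)):
        print(f"{f.technique}  {f.key}\n    {f.detail}")
```

The third HKCU CLSID entry in the constructed export produces no finding: it has no HKLM counterpart and points under Program Files, so on its own it is just a per-user registration. Whether that is acceptable depends on the host, which is why the output is a list of findings to review rather than a verdict.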