General
-
Target
运维申请工单回执信息-8月8日附件.iso
-
Size
6.5MB
-
Sample
240808-fpsm3azdkm
-
MD5
5473b8fd201307e601f0f614cc732160
-
SHA1
8659dbe67d20def6e0ce1aa0023e2c56d1e79696
-
SHA256
03b3d2ae0915347318a7137e2d16356d52de31d3d7d98b57c3bae0229379d2ab
-
SHA512
47e805e94b8b920e233a1d0290fe7e36f0609bafaf224bd084b9a749d2a9799c747d0aa0b6ed1c46fb648f7f2403968494542d2e65a5b2c81b0d66d65c565c16
-
SSDEEP
98304:6s6nGqL7BRX3sl3/chcj06UdUHGnPfw+kKI9YikEt5W:6fBRXcl3/chcj06UdUmnPfbI9Yidt
Malware Config
Targets
-
-
Target
运维申请工单回执信息-8月8日附件.iso
-
Size
6.5MB
-
MD5
5473b8fd201307e601f0f614cc732160
-
SHA1
8659dbe67d20def6e0ce1aa0023e2c56d1e79696
-
SHA256
03b3d2ae0915347318a7137e2d16356d52de31d3d7d98b57c3bae0229379d2ab
-
SHA512
47e805e94b8b920e233a1d0290fe7e36f0609bafaf224bd084b9a749d2a9799c747d0aa0b6ed1c46fb648f7f2403968494542d2e65a5b2c81b0d66d65c565c16
-
SSDEEP
98304:6s6nGqL7BRX3sl3/chcj06UdUHGnPfw+kKI9YikEt5W:6fBRXcl3/chcj06UdUmnPfbI9Yidt
Score3/10 -
-
-
Target
out.iso
-
Size
6.5MB
-
MD5
5473b8fd201307e601f0f614cc732160
-
SHA1
8659dbe67d20def6e0ce1aa0023e2c56d1e79696
-
SHA256
03b3d2ae0915347318a7137e2d16356d52de31d3d7d98b57c3bae0229379d2ab
-
SHA512
47e805e94b8b920e233a1d0290fe7e36f0609bafaf224bd084b9a749d2a9799c747d0aa0b6ed1c46fb648f7f2403968494542d2e65a5b2c81b0d66d65c565c16
-
SSDEEP
98304:6s6nGqL7BRX3sl3/chcj06UdUHGnPfw+kKI9YikEt5W:6fBRXcl3/chcj06UdUmnPfbI9Yidt
Score1/10 -
-
-
Target
Cache/Cache/Cahce/agent.exe
-
Size
1.7MB
-
MD5
4c5573cd4e337819e372d9dbf797184c
-
SHA1
7bed068528178cf539e4778d2c3ca7332a69935a
-
SHA256
8c67c11e1a08904096ff979bb37bb68905ce4f829fdeeb8c457cef343c6abc1a
-
SHA512
00c021b574d920a71b58d2ec02b8ab8d8f504dff635a84d740d6049d5c77ed2a17e666304f4140c4501804d91bbe63a456530cc9b76ac873eded7095565de621
-
SSDEEP
24576:999l2QOMFxKp6blnSOIqL7yFPO3tG59Xx1xda1NN73imbmVq7u:9fQQOMFiMnSOIqL7Bc2X3q
Score7/10-
Deletes itself
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Cache/Cache/Cahce/help.dll
-
Size
1.1MB
-
MD5
ec2314b53f5745b8b9216b90c3911fdd
-
SHA1
118e4a01583dfa95a94ca03cc552870039ce8761
-
SHA256
4561d58fdc39f1416c8c87b7fbe0337f77813233f2ffbd5232aec11437aa5651
-
SHA512
3333175d2b05b6a39a62ec5883995d6c75277eebbd13c747fec5c5f9a2c1a97d79a3aad30b76fb26d28e988ce14cc48409e9aae61689ae4e6965896dbae45fa7
-
SSDEEP
24576:TbvCNITQnYxqw3/jtE60hcj06Ud8EU67aGd+8j2kRVHuVOamJTTkUmI2ZUpVdPiI:TDCNITQnYxl3/jtE3hcj06UdvUWaGdFB
Score1/10 -
-
-
Target
Cache/Cache/Cahce/parfait.dll
-
Size
3.6MB
-
MD5
9a58510c6b40b505449761d042d70a75
-
SHA1
8a090180629b038d8baa30e8d49e9281aa77c822
-
SHA256
bd44a460a4cd1d8ae0d3caa2b76e79597c2d012105d05c4927cbf818f1a91b58
-
SHA512
d9ce0ffcaf6fe9e803140de68e318a660532c27cdabcee2a7fb8888b38797c161b668f0f276c4dcad56fe2915a841a55175c5795c6ba8ccfa6477146aa6680e4
-
SSDEEP
49152:tP5Z00mp+oBjG+ZMS9o5z8HhVrzjU5Eth/vems:Bw+kKI9YikEt5WB
Score7/10-
Deletes itself
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
工作薪酬调整确认表格.lnk
-
Size
1KB
-
MD5
37e026d66d6e3dc91317370edd34a7c5
-
SHA1
c41a2717dcba4670534afce5b9bd9238faf9adee
-
SHA256
053cb3f256ceda6cf44a2ade53ab8ff3f588335d03d7f08fa3ed93d55649198b
-
SHA512
5a0186b36c10bfda4242e314654ee13bcbbe769408b4110a951f73559746819c07490e0870fcf084f044590cd1788c0f8692ac06c5ce8c8de8ed4991cdf0d61b
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-