General

Target: sogou_pinyin_guanwang_14.7.exe.vir
Size: 181.0MB
Sample: 240809-h5pmfs1gpe
MD5: 16140f97ed51c0dbfc3668fa7e96f807
SHA1: 1bb9fef2f5770a1dc835b70e6ff8f2fff223d2f8
SHA256: 6f1f614cc6f7e08a0749dfc8cc9946860c924410d0f3d2dae16cc7ce1b1976f1
SHA512: c1efa4f6965e6ec012175d3aa63e807c4d2e1d6b8a4a1f6ecb74520bf618a3ae601a92f8373811e82ced545ffc1723c306856eb7b8a1ea5e627c6427e2866c2c
SSDEEP: 3145728:448hObRuIVs6aVykHwhk8ts8sD/5rJspQXw62FNPOkqCgrc:0sRuWs6aysb/5rfowkqCgrc

Static task: static1

Behavioral task: behavioral1
Sample: sogou_pinyin_guanwang_14.7.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: sogou_pinyin_guanwang_14.7.exe
Resource: win10v2004-20240802-en

Malware Config

Targets

Target: sogou_pinyin_guanwang_14.7.exe.vir
Size: 181.0MB
MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General above
Score: 7/10

Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger