ab6e43eb1364af849583cb494ded4567ddf222fa98cb9758ce4a4dbaed14f5fd | Triage

Sharing

General

Target

植物大战僵尸杂交版v2.3.zip
Size

85.5MB
Sample

240809-yz9cnsxepr
MD5

1c302f0257d636774873c7dfdf5bd24e
SHA1

2cca7a9d5552ce05e9adc5e4fcda33c999e58bed
SHA256

ab6e43eb1364af849583cb494ded4567ddf222fa98cb9758ce4a4dbaed14f5fd
SHA512

c9fbc5f818af2d284433278a458cc573cbd0571f17f69ec8cef615e5556d812b59e817e87f1570337d140f6cc84f72c813880e6f7a7a78e79faeb822a128be4a
SSDEEP

1572864:TFwiueaBZy/5MlkwpUSnCeIZueIEPmK/CPST+TKdEjPxf2M:TmNegyRUkwCeIYeICmK/CqoKqjd

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  植物大战僵尸杂交版v2.3.zip
- Size
  
  85.5MB
- MD5
  
  1c302f0257d636774873c7dfdf5bd24e
- SHA1
  
  2cca7a9d5552ce05e9adc5e4fcda33c999e58bed
- SHA256
  
  ab6e43eb1364af849583cb494ded4567ddf222fa98cb9758ce4a4dbaed14f5fd
- SHA512
  
  c9fbc5f818af2d284433278a458cc573cbd0571f17f69ec8cef615e5556d812b59e817e87f1570337d140f6cc84f72c813880e6f7a7a78e79faeb822a128be4a
- SSDEEP
  
  1572864:TFwiueaBZy/5MlkwpUSnCeIZueIEPmK/CPST+TKdEjPxf2M:TmNegyRUkwCeIYeICmK/CqoKqjd
Score

1^/10
behavioral1 behavioral2
- Target
  
  ֲսʬӽv2.3/ֲսʬӽv2.3װ.exe
- Size
  
  80.2MB
- MD5
  
  9980e0e522e54365623225e13e381253
- SHA1
  
  43ba04b40316e74bf7b0f489ad617ecf0dcaaabb
- SHA256
  
  83d853ed7dae736ce2bbcf6db36e0c23a4cac10d6154b4bb6cc5b087fbb2ebdc
- SHA512
  
  7871e3f8c6a97f999312c42ec12a6bf2e91cc7d615836337a9e49ba2376a472bbedd07857a9331d383c91047135212f9cf9a77797ebcf98dc7dc25e6fe9bee57
- SSDEEP
  
  1572864:GaCkrHSBvEl0wTFWhFYUbIOYyOkmb6l9PoBkm4RflzXi8:rCkS1s07HYU8OYnkmb6bakVp9t
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  15KB
- MD5
  
  d74bb4447af48da081c7d9b499f3a023
- SHA1
  
  dadf6e140e6fd8e49a1851cc144bb022e0adb185
- SHA256
  
  5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52
- SHA512
  
  9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758
- SSDEEP
  
  192:0hdGZ2E0hm+Gc7ROMzCPvXWROt086dXHGrEKcDDi0b5ZsgMgiCXyo1Fp01eLLuIt:0hdGZ2E0YWV2908oj21ILud8
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/ShellExecAsUser.dll
- Size
  
  43KB
- MD5
  
  34f26f7c3fe27d37dad8b799f61f2f06
- SHA1
  
  13693a61ef439137b9d4a05624f1b080c3773850
- SHA256
  
  1d1b08f87537884fcd95f4a8520bef11b89eeb852a025b04bf4cf62780992b5b
- SHA512
  
  18afe311c82574b77c344b3bb83bb9429614d51c3f408704b4544ada1a11dd9ef91fe1f41d7b7c246c4f028af65cfbe8df5b6b2455980d3426ebcf123b815891
- SSDEEP
  
  768:ENC1Ci32Komp/MQvvt/nkfohB0kk7AwnTEDlP4viKdHw8:ENC8i3mu1neAuk2JMxKdt
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  bf712f32249029466fa86756f5546950
- SHA1
  
  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
- SHA256
  
  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
- SHA512
  
  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
- SSDEEP
  
  192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/license.rtf
- Size
  
  45KB
- MD5
  
  68ccbb8270c98f94d370eb924589e7a9
- SHA1
  
  bb9368843e0d0a78f540b6df69eb98256b4c042f
- SHA256
  
  0c47640694d32f91febb8c837081b77bc97aeb274152dba04c4e5448845d9520
- SHA512
  
  f4b0629d0ce11839ca384e5b041ec192b0727f80b559886029deaaf4c75b8126b1f55364f3ef4465c7aab31f953a31b635991d98e585c512ecf6ed80c24ef0eb
- SSDEEP
  
  384:YJggqaxikc+LAFzFdozPEFJDxGtH3/tirLmi6rGsuWTzc9TLvzh4nMNLoJ0o:YJggqagFVkH3/ti3HWTz2TLFNLoJ0o
Score

4^/10

discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/logo.ico
- Size
  
  264KB
- MD5
  
  6fb38ffb714d6d7d1e12697513fef822
- SHA1
  
  ce7e98021d2dbeb3108e373e217deaf3019a20d3
- SHA256
  
  ad55f328eb4dd9290a15dfbf4da474baed3269f934fd4a86de7b9487ee450cc4
- SHA512
  
  bcba7e5a9e4b619b0b9192d4e6c5efc31a2b08c65ac7339338712bc4891f9beb12625e9c816f124022129336e7ce84ba86dadd94394b09d32b0f7165361fa266
- SSDEEP
  
  1536:e1iXJzS7Yn67R0yhOUP8WYmWzJz1bp+C7Yvyh8uMGlauNmh1k3yR7j66wBihGxhC:Ai5zqQ6z+ZN+C6Fk3yRq6/wlSzr1L
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/md5dll.dll
- Size
  
  6KB
- MD5
  
  7059f133ea2316b9e7e39094a52a8c34
- SHA1
  
  ee9f1487c8152d8c42fecf2efb8ed1db68395802
- SHA256
  
  32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
- SHA512
  
  9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
- SSDEEP
  
  96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/nsNiuniuSkin.dll
- Size
  
  891KB
- MD5
  
  cb9ccb0f6923b5e38221a2c9603eb669
- SHA1
  
  7214cae53f36cab79841e9d49b07cffd7ce5e1c5
- SHA256
  
  6a38b8084e7493ff57ea3eda7101fbfd6113d8470531b479ce05cefb4e34bc79
- SHA512
  
  5d510870559737ba9f10447716a654e3aa609b64a1b753e2d3722b7b92e1768980d2ff070e639add57a13a7941c1d680ffa6e13abd47c44b1d18a230590ebb6c
- SSDEEP
  
  24576:1pIQCUFPxa+iDkpxMJIpgT62mQh8lZIn:yUFPxarJICm25oZE
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  88d3e48d1c1a051c702d47046ade7b4c
- SHA1
  
  8fc805a8b7900b6ba895d1b809a9f3ad4c730d23
- SHA256
  
  51da07da18a5486b11e0d51ebff77a3f2fcbb4d66b5665d212cc6bda480c4257
- SHA512
  
  83299dd948b40b4e2c226256d018716dbacfa739d8e882131c7f4c028c0913bc4ed9d770deb252931f3d4890f8f385bd43dcf2a5bfe5b922ec35f4b3144247a7
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/skin.zip
- Size
  
  2.1MB
- MD5
  
  e3b6ee154e46fc90e827feec8f4bf2e9
- SHA1
  
  435309cba8e7b43b5689361a21dae0a3450c0718
- SHA256
  
  491c67c3a67f9370ed842d2b4ffbf220c550ca96efb40003bda3947b4ac6dcfe
- SHA512
  
  d57d5a57a41acb39aeec109c6dc7149953709c8a7e6483007782e9fc87584e261d036019de9508dbb35a8a39ba83b17086a27c23f4e41cd62cab2da0726820a9
- SSDEEP
  
  49152:1rVWAXEad8Xw1ugefgoP7a1eiTuqcGdhTomt3OP8/okfAQ:GcXd8GproPWkiJiQ
Score

1^/10
behavioral23 behavioral24
- Target
  
  app.7z
- Size
  
  74.7MB
- MD5
  
  f2dda89a21dc34f19cf1d7ebbd5373a3
- SHA1
  
  a749090d5e84ea31fa3bffe7d0bfaad4d78aff89
- SHA256
  
  e1d4c2b37bfd576b3394ae32b72a65d57c412032b9350697d0a3f07cec99fb16
- SHA512
  
  6bb30b68e6c2c6dae25c2c693e7ec9fcd5431317b862e674186e9f5f22cf2b14e7314657a1955dc7d69c59e3ddc2c444d147aaa3f3c9a3465fec7ce92d55ccd1
- SSDEEP
  
  1572864:TjqIaaIsMvrwiwBECXtTUiZ0x8eX84UAIG1UdpC:XqUIt0icTUA0x8eXrrI22k
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  logo.ico
- Size
  
  264KB
- MD5
  
  6fb38ffb714d6d7d1e12697513fef822
- SHA1
  
  ce7e98021d2dbeb3108e373e217deaf3019a20d3
- SHA256
  
  ad55f328eb4dd9290a15dfbf4da474baed3269f934fd4a86de7b9487ee450cc4
- SHA512
  
  bcba7e5a9e4b619b0b9192d4e6c5efc31a2b08c65ac7339338712bc4891f9beb12625e9c816f124022129336e7ce84ba86dadd94394b09d32b0f7165361fa266
- SSDEEP
  
  1536:e1iXJzS7Yn67R0yhOUP8WYmWzJz1bp+C7Yvyh8uMGlauNmh1k3yR7j66wBihGxhC:Ai5zqQ6z+ZN+C6Fk3yRq6/wlSzr1L
Score

3^/10
behavioral27 behavioral28
- Target
  
  uninst.exe
- Size
  
  2.7MB
- MD5
  
  3992d1a7330b3f2fe893fb07cfc210f0
- SHA1
  
  b29d297ff342b8df796feb359d4915bd74906e28
- SHA256
  
  ee6506dff903e56abe4b526af6c8e7df2311eacef590c4d1745a55b9ea4ac8b6
- SHA512
  
  31cd0e1a5f03de7be1e11e5a7a1b080c20cc14f96b8ecc716fcd4370a2bba5da025971e4b79a9635eea158634be6aee1c5117230a07041ca52ad0cfe9132f0ff
- SSDEEP
  
  49152:tgNVWFV4BwvTX6/eornyjJZ1AqaqdhkozGcOWR/IPwzePI39UWc:tfM0TPorabiSHoINUWc
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  ֲսʬӽv2.3/Ϳļ;˵.txt
- Size
  
  1KB
- MD5
  
  f4438e5258bc16b4d39a4ce3c7aef7f8
- SHA1
  
  b125ef28283e5b424853383816cebc793a783a96
- SHA256
  
  c2ccfdc30031226fdccc7efc32a4ce0475b573cda0b67bdaa0d4f66bf54c9ae5
- SHA512
  
  fd9c2dc55954968916e6996bbf6eef5df5c723d2eb8fe3d0ecbf5fa9f4b23d534544c857d2d93495ade5ee7f01c5e5ba57a5c8c995afa886dc58495aaaedfb87
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32