General

  • Target

    83773389608d6e1f29e85c6f6ec8c3ac_JaffaCakes118

  • Size

    2.3MB

  • Sample

    240809-zdnphssamf

  • MD5

    83773389608d6e1f29e85c6f6ec8c3ac

  • SHA1

    dda610e05a5233a1b0ec19510e418923c0611f4d

  • SHA256

    cc9ecb59ee1459f6375929b6e8b3f5ebf2008edc43dcd4abf1e1b6eb327933ed

  • SHA512

    6b10769fa70e3537c93d2930622ea1812c1aed2c30bb16c35cfc2b00c60711eb3cbcc3048dc8d2f2d62b67a4a36e37c925f5b934534e6bf56fec73b394d87d28

  • SSDEEP

    49152:DRE0rehRftBbCLOZbK2W6C2SYF+lnwH5kzAgKCG30FaeHm:DREdftBbCLYC2S6+uH5T90FaT

Score
7/10

Malware Config

Targets

    • Target

      虚拟磁盘精灵/disk.dll

    • Size

      1.6MB

    • MD5

      b37b2c49d236b0d55de65c8c8857dd02

    • SHA1

      5b1f0c600ee7067b9af54cc94f95012c185212f1

    • SHA256

      8feb175fe2d73bf13aadd6ce890f7465bf55b6109fdaddcf6bed316eabca73fd

    • SHA512

      f7970393f6ce97d54ab1708e80c58aba3e1bbac76b4cc5cc01f55a161d9ca1818ade85007e50b3f85883f8153498b46a080880971a5317c8435f1d90a55dafd6

    • SSDEEP

      49152:NYMVbWQxpcTFXeZ6UvAZFYSbVcrZFNg3:eqbrxg68bb0g

    Score
    7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      虚拟磁盘精灵/msvbvm60.dll

    • Size

      1.3MB

    • MD5

      efcf843edd837c5ab013e53fe6d03993

    • SHA1

      29b9d05786b2e27d7c7b08a5a7c6291da53bd4a7

    • SHA256

      bec16f80e024ac2b182b46415872dbde1a1da553e850a2228a72dec4e05ed64b

    • SHA512

      21fdad4e1a2663b376abccf30f7277d9df3f6cafc02eafc5f841fa3d8f66e943a218ade67a11a1631cd466639c391174d3359d59fa314e74ee9155e01229859b

    • SSDEEP

      24576:1TGs6JlHZLKCd6oQwznJyXpWIqaqufQrRhLsbRmUSi8zlmZYnDg+:1TrojznJyXpWISufQrRhLBUSiWlFM+

    Score
    3/10

    • Target

      虚拟磁盘精灵/新云软件.url

    • Size

      133B

    • MD5

      4f0017b3b346bd0626f0c3b915e6e734

    • SHA1

      823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92

    • SHA256

      df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678

    • SHA512

      0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6

    Score
    1/10

    • Target

      虚拟磁盘精灵/虚拟磁盘精灵.exe

    • Size

      228KB

    • MD5

      b2333d260c3c29c04acf787dc904a085

    • SHA1

      cf14412096de305761af6ccf43808d719addd643

    • SHA256

      0dd740baa539da5ef30092aae99fa17cd470d73a7d5544cff68243628638e39b

    • SHA512

      a156038a9df092161c090870861c793b27f3d33526cffed55b7fae409a366cc70ce1944ce9331ccc9acfa38a3d63ceca8b035285b38cd23f54046bd24787b381

    • SSDEEP

      6144:GEFB0jx1vJ5JF6gJ82KeBB8ipF1b7klv44:GEfwJl7nBB8+alT

    Score
    7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks