d4896710afaffe27c363a045647ffd4520e060b40fc78788f96db24399262d12

Sharing

Copy URL

Twitter E-mail

General

Target

d4896710afaffe27c363a045647ffd4520e060b40fc78788f96db24399262d12
Size

4.3MB
Sample

240811-xdck5swgrd
MD5

8b770d961aab663e8b1907c031d37b21
SHA1

eaf6aadfb64ea39ae8414efe5b0b875338630b1e
SHA256

d4896710afaffe27c363a045647ffd4520e060b40fc78788f96db24399262d12
SHA512

f4c7db229df7fcb8a82872278e2154ef91f2de10eaddd6ea7750b1ec69076e5e5ab8fcf8ab309a9056abd9b13e8b8be847100508540ffccd596c9086d0855276
SSDEEP

98304:8TwTzuIFQyHPlcgL67xr6Fck4YC5erPvqdlZtkViHTR5NsNrK5pmR4AXzbX:8TwXQUlcgLOxQBBCYqd1kViz7mdipmR5

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://v.ku6vms.com/phpvms/api/upLoad/

Extracted

Language

ps1

Source

URLs

exe.dropper

http://v.ku6vms.com/phpvms/api/upLoad/

Targets

- Target
  
  Phpcms2008 产品介绍.html
- Size
  
  5KB
- MD5
  
  0d444b10ba1486177370d5903e2025ba
- SHA1
  
  d56cc84e5aa6fb3d9ce0d98a5a08ff88cb92da8e
- SHA256
  
  d5d015685342d9efea4ce8f6d6bee69ab0aabf9c370795381804de9c837673ac
- SHA512
  
  36b1198c10cc121c2b91d32a0d8b3f495e18527a81aa7d1a0acf26369c2c3c661ba46662faaa66a52fd4afc5d497168b4f886a5261c6280d09f382ed60e158ce
- SSDEEP
  
  96:SIkTOnTeblvVniseU9Ubzv3eGzwIiQifk+NdXjyPJaQHmGClgF7QJy9kclyXIdD:SIkTsTeL2HuswzQifk+DXMglgFeukRXW
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Phpcms2008 安装说明.html
- Size
  
  2KB
- MD5
  
  07fe78e1384e66f7cb5ad3a91df05479
- SHA1
  
  6dd82adcfd24de4d950a1d8275f09ef90edc9878
- SHA256
  
  8372d4889eaa16f3e82443c7f41aa9fea64e39a9e95e2e2c413f1098b2c5784c
- SHA512
  
  9d5f671f7a3afbb732ab3d92691b05542c1c5b0898768b8869848e0b80f4f437d9cbf900d990ccfff9d342f8c70c64c41123d8bc83bcf08336d90f1c376d363a
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  doc/新云软件.url
- Size
  
  133B
- MD5
  
  4f0017b3b346bd0626f0c3b915e6e734
- SHA1
  
  823bf3ff9e16cd636c9dc0dc690d6a586fcbfe92
- SHA256
  
  df65af1fc1e09f6effbde7e0ef1cb64d6caeef1f62b0e6467821efa032533678
- SHA512
  
  0f5eb5024cf6a0323f7998d419995a707c48de917a5899a185369e6acfeb17c09ffa03f7d110adc87b8de20b7d4bf30d50c72479bfb18614d2e21cbe169dc5a6
Score

1^/10
behavioral5 behavioral6
- Target
  
  phpcms/admin/category.inc.php
- Size
  
  13KB
- MD5
  
  51f3e48dbd990f204613c48149873391
- SHA1
  
  bd64e73a9cf81c09003e3ca6ef92889dd12378af
- SHA256
  
  2473f280bd73bef9e52f7366339cb05d6b1cfbe2dc51d3dd0c482406de141ba7
- SHA512
  
  23ae93d8d5e0dacdc1a5956598a0747e67a7fbd22a3e5363b08d8c207b6a2aff6e5d35364d14de8ffa274bf83e3c6253d88d9d78967910289171cb0adbe3b9b2
- SSDEEP
  
  192:acEcjOtLx5/1FoCx2b0LYD7jqcr/QQW4v9su:QLxZ1FoCU0qjqtW
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  phpcms/admin/content.inc.php
- Size
  
  16KB
- MD5
  
  28a5ee2c4d52161201cb5548ea7e83b9
- SHA1
  
  c29b39b8fe63d5b301bea2e4e47910cdf8ce891b
- SHA256
  
  4269f90b4e17b63414b01c33410e3560551e8b56ee8955de4256a603fb54b0e9
- SHA512
  
  0e2b3acebf977728deccd103a3d4ecc7df9c46b9ebd52ffcd1ec848326daabda90eb9cb1a584ede169ba02e8792ca8b149cdfc6a0a057f2d1f0f6625719cefd2
- SSDEEP
  
  192:9735ARL2X6Vb00p7mBv7ASXUPAAQB57iF05wkDYM0MoCD:9735m2X6BBp7Mv7ASsg5+F0FcM0MoA
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  phpcms/admin/database.inc.php
- Size
  
  5KB
- MD5
  
  4eb69f44bcb949b87ac4610e36b55a02
- SHA1
  
  ca9aa8cfff0cce334f93eba4f5861d44d430d756
- SHA256
  
  88a9f6fd4f307c6b38b2b80e63916b9cf2bc6440386e4fef37b166bccb7b7e41
- SHA512
  
  2799cd2552db1a2b60838aa51e1c791ce85237b81ddcdf1ebf9c421deaf0e53eaf6a9988a2504131d2d4276353a9a1416ae5a2d3539f0f9941edf0f4f78da7ba
- SSDEEP
  
  96:y4bEsn8jXeA1DYOeZqEBKbdm7L2floKIDuqby0HvJMC05Cr8JhQ:yOEG8XH1DY2Es8L26qOTMm
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  phpcms/admin/downfiles.inc.php
- Size
  
  1KB
- MD5
  
  7c1be1baf5334ec9f02a20d7338950e4
- SHA1
  
  bf53dbd5c5d25f8069cde4603b40a4baf313d596
- SHA256
  
  de30c8ecce8171a0119c907495a7c80cb5811f0dab64ef93a80bb26dfbe71825
- SHA512
  
  19cd9d4d596c79f3626171b9b00dbdd3df658da15221b129b861429b661f88a7b05bd0f9f640cba87be56551be618c16bccad59aa2375edb27a37c8242eac255
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  phpcms/admin/file_select.inc.php
- Size
  
  2KB
- MD5
  
  9ab3403d984e09de29aeab0136495661
- SHA1
  
  4cd2b476302da2e1df0449fe0ac8b53660dd2f18
- SHA256
  
  156f0dd267732cab924151f2cfc83a1ce8a15de710596a9136155a726ec52a1a
- SHA512
  
  0508aad4c75b761181f651b288657a8e6370a96aa242985e3c0ffdc5cbdb6070158480760009d88d1245ba430f829fbf6936c6febb950c5c69fc6280d30817dc
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  phpcms/admin/html.inc.php
- Size
  
  5KB
- MD5
  
  e8159387959c6f2683e5c3607861dd10
- SHA1
  
  28a634600322f34b37abb1400487347d61017660
- SHA256
  
  9bda9df32e4fcb22de76f10f573ae3f9dc02074bf398b8963febcf2ce4e2f763
- SHA512
  
  13b48638138cbf2687fddb456d2123108da8fc3c9d7266d33cd8de5b7ced964e632a9a98e9a84196bcf934f3d16dfad2539177ddb6eb5bd615167d6d96a9c07d
- SSDEEP
  
  96:aSUbEUkfWYLrZfTD425A1QVNBe5CpISg161D91YGLiRb7+tS9:/mEUkL17D42lBe4pILKGuA
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  phpcms/admin/import.inc.php
- Size
  
  5KB
- MD5
  
  ec4d813a075635c416311a89b3d39ba8
- SHA1
  
  e7478e3670ffe56ba724a0a3af0e494777ff5158
- SHA256
  
  e31ef08a33f878055b44add1d04edad96b6b19e332d553783b503b06b9885f30
- SHA512
  
  c01bf470ad479d868da04612d7974ad43991a63f89572d06e93b349dae0af16a70e7bd16e4a0612d068e8b1f52e70ca1c9164095fabca22f63e11967bec1458a
- SSDEEP
  
  96:gNsHP0+qASn48ZknCki6IgjzBgCNEFk6teUlFrOvsdds3BbobibDHv63GYwfwp/s:mC0+qJzaIgjzBgCNGZ4U3Ywbiben/LY
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  phpcms/admin/index.htm
- Size
  
  152B
- MD5
  
  74a2eac9f7e210cba07b8fb08551fc91
- SHA1
  
  08b1ca5df7662a33648ac501e981f2db2e64a0da
- SHA256
  
  0f2bde3d82f53c91f604f940a1f987e5c2d4faa02abc33b6a296d260e8cfd919
- SHA512
  
  56f7a469c612f94d8112ae7ea5208049fec3d97f5cd2fa84231b6be1b6fde69035f19388e517659506dde8ffba0c758e359716006f17640422695215e33ea83c
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  phpcms/admin/model.inc.php
- Size
  
  4KB
- MD5
  
  57a94d64c18de54817c40df9856c5829
- SHA1
  
  e894038c1e06938a74a37358e17b174bc75082a0
- SHA256
  
  c6ef2bd89e7b56b937486329788ac836bf37b8a9693b5ec13be61b1d5c7bbba1
- SHA512
  
  86479fcba37d5d1a65c24eccdc79bce49d78252569267625deb1c720fd249ba6c51a0a349ab822e32dc0c04b204ab9653696a42cc95bcc8c7321a4945d959a18
- SSDEEP
  
  96:VkUHgf9hu72OO3x0KETXIi4yNOpFG4Dzm682TFmFQF:mUAfO7qxlE1po/m92TFmFy
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  phpcms/admin/model_field.inc.php
- Size
  
  7KB
- MD5
  
  982c6f3a0bf2c0e7d20848a9279ea082
- SHA1
  
  2f48103176760a8a45570cc978882415a55a8449
- SHA256
  
  52969d79753a69e7b04f772795be90caeaf980591fb4239dc8a82d900fc83b5f
- SHA512
  
  c870a63f639507f5b77841347fa0c99f767a0a73d5a1c649348f587896a51acc25024627fa9232d48b9b8185ddc1fb6ad5e3415fffb3e00fd3831dc4c4aee36e
- SSDEEP
  
  96:6vFGfzOVLUpwIrFLg2NbLUpwIr0LkOLLKUzwBz2LKuoTY3xH6u6K7Jb7WmiTZquh:mFcCduy2tu0ZWUMAzoslDptPiTZ/
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  phpcms/admin/more_pic_select.inc.php
- Size
  
  2KB
- MD5
  
  3826b4d33431463a495edba8397dcabb
- SHA1
  
  8c111c521b1783254922cc99b5ef23df18546595
- SHA256
  
  0c6c954f47c340204840eb6ea023490fdfb3f37e4a02bb738b656ce5fbf7ff9e
- SHA512
  
  2374dc7ac0d0e5293eba61c8e2fe38b11436c5ffc5dcbf48e9372c5e228eee43155e0aeba60379e292a60617c642f9741bd79dbff10aa67374b282ac1c6bb65d
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  phpcms/admin/safe.inc.php
- Size
  
  4KB
- MD5
  
  af9a0f41197687558acc9c91d6c769a8
- SHA1
  
  b17dafb96762bdda006639554f02937bcd11ca26
- SHA256
  
  c10a98fa6ed7a6a5e2291736a065bb97e81fccaae067730c7045a6c0862da0d4
- SHA512
  
  04d674fa1c6c6277fbcae885a95fe919314795ea9c7ec53584d85642a39ddf2b9a60a8f690699521587b029019fca00884e0631a5a3c2a4f31a7c797c42232a3
- SSDEEP
  
  96:/Ue77qI5TszgF4le9l4lHqkBziVNeQBe/S/jDmU03eRaDhSVh:cqT/4kl4gmGkK6SNwRA
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  phpcms/admin/tag.inc.php
- Size
  
  13KB
- MD5
  
  582fe4d62b36207ae92c486ec728757e
- SHA1
  
  cca078b6a72922e7579683d89cba115190800188
- SHA256
  
  c86c80fb32a9a6b91030ab588602896e3c310ae372625331f6f932486a884786
- SHA512
  
  3fc0e15dc1f1d879475fb511360727fd327e6dce2f32bac20fbe15c2d51ebc151980a9ae6f012fbeab4eb939a9d6e5b07c42bb7c6cab199c19e5613a7917f4af
- SSDEEP
  
  384:zoJccZNUSVPNUSV720UkUPREaO7k4hf/HfzjMYUQlnqgEgR7IYuPUUnt81oJ9:zoJ5NDVPNDV720UkSREaO7k4ZLjMYLly
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32