9cafa10ed3a39d3cf672958094f619c64dc0443b0c0d9608f07863ed2fa0054f

Sharing

Copy URL

Twitter E-mail

General

Target

9cafa10ed3a39d3cf672958094f619c64dc0443b0c0d9608f07863ed2fa0054f
Size

11.2MB
Sample

240813-qqsdss1ann
MD5

39ec6b36b1ec68a61317c0bac4d976ab
SHA1

2860dd1f850e60fd21600cd0d2c2d51a55453580
SHA256

9cafa10ed3a39d3cf672958094f619c64dc0443b0c0d9608f07863ed2fa0054f
SHA512

537cc756b75aae5c967971cee322e46c924f97b277c15a5ec99ff0b5bd27e93f2376bb3e44dba512edb09bff19c58e3c179851aae17c4ba20dbf8498944a813b
SSDEEP

196608:0aWog9ir8T+oYlpy0x773UcUpKVZheHbP8mSXuZXs/bjpkIojBvg7syP:0Nog9qixMy0xhUpkevSXFPpkIoalP

Score

7^/10

Malware Config

Targets

- Target
  
  [WPF]JJDown/Common.dll
- Size
  
  537KB
- MD5
  
  62eed5bc5ba3b4467eafceec2ccedab0
- SHA1
  
  5d6f6af57f1e7912ba4b7039383188820bb7d85a
- SHA256
  
  d4f60fe63c3d8a92a937073d50ad5108c1ca72f2d7079ada3521f894cc8786e6
- SHA512
  
  5155a9e3a261862f761cc21f49cbb8d8db35db9556224547e29e6b94ad498eb57ae196430f187d7360e8589c62835ef7ca4d583b1aac8cbfe99486e03ca0861c
- SSDEEP
  
  6144:zyQjQ22ejLjooFkaIsEhNnurBPJC5hn8lm7YtdDHw6Rt/hXWLOn/l0Yp8CGq4L5e:fCFSohmVMN2cuSe9h2UAi4H
Score

1^/10
behavioral1 behavioral2
- Target
  
  [WPF]JJDown/Dal.dll
- Size
  
  184KB
- MD5
  
  f4830f3adf2e221e45779aacf220b34f
- SHA1
  
  1907a4085672f32089406e118f0fb2863e55f721
- SHA256
  
  498dfa25e71c0935ff9bd59519fb3ae06907e64e5625a7895494d87fd99cbb29
- SHA512
  
  af7b30c69f0b6dc21e157ce72198cdccf84deaaccf3a12107fe0e84bec28637b778b8ce454e22d52ed239091f7b96d2f796c1434783cbd47ae37d58e244552a9
- SSDEEP
  
  3072:rWatxOxIvoQ1dZM9Jox3sYPRvI+OsQqFPQ2a2c83Q:jHO4ZCBYpvI+9QN2fca
Score

1^/10
behavioral3 behavioral4
- Target
  
  [WPF]JJDown/ExtractAudioForWPF.exe
- Size
  
  27KB
- MD5
  
  1ab142624beac7de4f0f597ca77a5d48
- SHA1
  
  33936b21d645783ca3caccf526912bdc4eefecee
- SHA256
  
  cd7c50e1688b4cc76bfa84962fcf522811d7b5660b26f1e254ccbc78da083e99
- SHA512
  
  a0de94d2f1613403070eb5b2eff35c72d019a1800df5ef01ef759b7bd719e77d80ca455480ac13a239f45b9f3996bd109e2a0ecfddb51143a949caceb14e0b5f
- SSDEEP
  
  192:/nu/lII7mFIj3ydO1aESW346+kzYcECOdb8PZ:al/4Ij3yw1aB44tkzYcExdb8PZ
Score

1^/10
behavioral5 behavioral6
- Target
  
  [WPF]JJDown/ExtractMp4ForWPF.exe
- Size
  
  77KB
- MD5
  
  b51b4fda30e016d27ebf5f9afe0bbad4
- SHA1
  
  30af761731f433722b8db2dcd423147abe1abcb4
- SHA256
  
  b81a9eb7f31c9bfa7d091a317520d79abe44026cda2852ca270ff8e3019d6ab3
- SHA512
  
  6537c53d26a1f90dbddfaef805877186bc906317f52d7d258c0df69efb91422e9b15b0928ccfb420485779d6bfb67d116e8a0d8bef625ea4226532d3dd30c218
- SSDEEP
  
  384:yJwibCE4IjjT6MaBGBQ5sEf7PLbD1etkzYcExdb8PZ:yCiG+6MaI6DzLlIwYcEzu
Score

1^/10
behavioral7 behavioral8
- Target
  
  [WPF]JJDown/Gma.QrCodeNet.Encoding.dll
- Size
  
  105KB
- MD5
  
  2161b13b9aaa2413eee44a09c16e7211
- SHA1
  
  35c373634e0c558ef1a56b789846d457e6a4fb24
- SHA256
  
  9e5f61194a4446a9896efd1e55b2bdf704de0d7a439d52e49b4f6fa45521de31
- SHA512
  
  b0ec7a17297b9f86e74eac0c6b590efcafe59fff1242cc00e7589735aeba042bfdd8f321660c714ef9d6c3d8717a7e44052692646e625d521788d6f0480b9b08
- SSDEEP
  
  1536:/5YTSnJ2dx6j4/dVr9l1BTXX33IHoaW7FLn2bfFtR+HSlJaWT7rc9+P:/5YCUdwiDBTXn3ntyFz+HSlJaSfcG
Score

1^/10
behavioral10 behavioral9
- Target
  
  [WPF]JJDown/JiJiDownForWPF.exe
- Size
  
  5.7MB
- MD5
  
  e240b0fb8aa92cd874fd7f93bcecf4f0
- SHA1
  
  a62a17ed39739fbc013d6500b5ab92957d3951c8
- SHA256
  
  d03b73f7764199be589108421b54ddf63e58f81fab989ff3bc808e52a7494954
- SHA512
  
  ad740be7f6187099e2d49a92641048e3a403fff1d443582eff4c4a7eac19bdf55f76755dc2517f4adef59a84945b0d2e43b1ceb891ed1cf739c8c4870ec31d79
- SSDEEP
  
  98304:SYOeIZVwA6cTo8m+9LAkwA6cTo8m++wA6cTo8m+5KE2q4+prBkrDkAGzKekZco26:JjKBYlkXq+xLHEljUpK6Vn
Score

7^/10
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
behavioral11 behavioral12
- Target
  
  [WPF]JJDown/Microsoft.WindowsAPICodePack.Shell.dll
- Size
  
  550KB
- MD5
  
  7581a560279c5ce6112ff6c932216b5b
- SHA1
  
  dab8f9753485db2ac71add5614fe5e24410b4e91
- SHA256
  
  e43d702b568d6265eec60da3be98bce73c0451d22ce39bfd1cf993b37ab15026
- SHA512
  
  cdc8df183e9e49881534b58be703abc980f6308af6d74ec179ec4e4ba0deec590abfad3dc673da72e96826e8ca2d828007187b94f7063c2e6a1875ca5574740f
- SSDEEP
  
  6144:Ki0wt6esb2MOzowah128AA/WCNnHBZROPiXzbo8qCRzI7ggqtEIBoOpYgjV1FNos:AK6eI2tzowZ8UCNn9TqGTljV1FB3
Score

1^/10
behavioral13 behavioral14
- Target
  
  [WPF]JJDown/Microsoft.WindowsAPICodePack.dll
- Size
  
  105KB
- MD5
  
  2609afb09d57ba037e99d86de1d3d030
- SHA1
  
  f2bb397cb9c7a77450c2c7732141286d56bb54d8
- SHA256
  
  da5eb37d8e65fe3b7c32ee0bc6939cfafa5227ba4ff79c45310f44e979abc836
- SHA512
  
  88ea4e2480e943da265a38b336531473222c9f18200cf57c201d621b49b7ee6da12626d1dfd58c777ee609f3e2456a4bc56afb9536c1b8281ca0683f0dfecfa2
- SSDEEP
  
  3072:BwnNoT5xHQcR478cUGI5y/qzFlipJhit:BwNQIUGOE
Score

1^/10
behavioral15 behavioral16
- Target
  
  [WPF]JJDown/Mode.dll
- Size
  
  81KB
- MD5
  
  ac7e2724a4b46805f76318c4377593da
- SHA1
  
  072d529bf9ded1ed132962107bf84fb3caa28d71
- SHA256
  
  55b58ee3ebb40bc0cc02d28674bc887f487fb349714d571a2a96b6e61affc5ad
- SHA512
  
  4283ae09bd25ba3bc5e97c75d65f7b332800b6b881a0924eb4c7c03db16279a1000a1e9c31603626382faedeea003de5e1665b1a3f8815a4c644eda176d94478
- SSDEEP
  
  1536:/UFJP7bs6HC/KJYoBEJrNOV4fjU+7C+VoibH/9ly:/iI68bFvfoSZbH/S
Score

1^/10
behavioral17 behavioral18
- Target
  
  [WPF]JJDown/Newtonsoft.Json.dll
- Size
  
  540KB
- MD5
  
  5649f69ab44390e78cd0afc645ace8d9
- SHA1
  
  0ca606ad54903eec8f5ed2d10cedbe3cd45e32b7
- SHA256
  
  3eb81192a710332165eab74e7390ed4807b0aa207d774974b96d79e3ea44d085
- SHA512
  
  7db055211902fae02c580e193d424de0c5c777d5e1587c90695f7e4d16a6d236151cf5f0059cf75afe4e024540aa7fca30b3cde35cc4baf0c160f1478b097ddc
- SSDEEP
  
  6144:p0qYtfAapMA1dMkvQm9anCT0BOKQGYmizmC9AksCaLzBuJtKxOj69JBGk:p0zAFakVB+GYFzmoHOBIjoJBGk
Score

1^/10
behavioral19 behavioral20
- Target
  
  [WPF]JJDown/OrderEXE/IronPython.Modules.dll
- Size
  
  714KB
- MD5
  
  a0222dc68c1ad4ffc58eab234321d8c5
- SHA1
  
  ec64dfed357e0cd38078c51eb6a1db2ce4f7253f
- SHA256
  
  02f0056219f15a6a87c91cd75f1b1875b139a30fd2051fef5acb5cb874688a9f
- SHA512
  
  0f543a08103a578a383bad7ba054b86ebd116184dadf5f027b87cf59576f202754f495d3a15c63002939731f80e8b9a482c358fdd8a5da0933a16230f899573d
- SSDEEP
  
  12288:SfclUvGLaMyKEj1ElORaaHmTsvBWAkIYD2LfO4ErobQAE6yDeMYc:Sfc6vGLJlEjPRaWmTsvBiUG4ExB6Jc
Score

1^/10
behavioral21 behavioral22
- Target
  
  [WPF]JJDown/OrderEXE/IronPython.dll
- Size
  
  1.7MB
- MD5
  
  d32c10c59a41edcfd1e3a481a1646bfe
- SHA1
  
  a6172a8066f75807cf90300e8ba546c7de368ff7
- SHA256
  
  744ffbf30bd5fbcdc746db96edb5b1dde4176c2b9d255bb5a80e5fccdb18f0f7
- SHA512
  
  ba21be18180e331804c7bdb6cc996aa1e2919a0ec86071f538429891a82d3027ff0cd89ef535d88ba79f2f2472060387f0d617c94f9079b619e7019dca5a0199
- SSDEEP
  
  24576:K00jY20jHMj/jUMPgeqVj++/QXohctNF5wUI0r:K0qvBxzt2cNF5wU5r
Score

1^/10
behavioral23 behavioral24
- Target
  
  [WPF]JJDown/OrderEXE/Kaedei.Danmu2Ass.exe
- Size
  
  34KB
- MD5
  
  7d40a259dd1bd3ac8c5dd1d9b150fcf8
- SHA1
  
  844f1e2a2b936b5dc2ceb66d45323562eb55d885
- SHA256
  
  b2bfa7c7fa06f342c02ead53a793482a6df70b84408e08cf4fe8de1a7439122a
- SHA512
  
  c7ba5dccd4f4e8b4377e4d323d60112bc4f9474172f965fd37f6fa4f9a18f2c1a50ca522104adab80ecc3c42047105ca8b9ea406ab3cf2e35b3f002c9d5a09ac
- SSDEEP
  
  384:ikixQRCex6WkDdkPVhX0MksRJX7C+2ilt2llv+cLIutx8WJAeWEHe00qjZa3U:iHGvbkDyksfX7DduVlK8HZX
Score

3^/10
behavioral25 behavioral26
- Target
  
  [WPF]JJDown/OrderEXE/Microsoft.Dynamic.dll
- Size
  
  1020KB
- MD5
  
  a7a9ca26b115ac9a66d1b788e4562fb3
- SHA1
  
  41a0a4a7d127cf2d7b08add5a1aaf6f26979cc00
- SHA256
  
  0ee7bfa73350e782c27f7050fe5f17b920913b942dcb9c4ac3612b85ae9cc869
- SHA512
  
  8b46ccc40a088890bb2fdcc8eabf0137a1a38a9af33288864ceac4aa03b3cbf641e64e88f4276409cc262f6c6dce925dc5ab87670cca9e03f7bf17589303f762
- SSDEEP
  
  12288:jzEQf/CGN2FV6R5xP/vrL2xQ8lYo97CYfPGRLYUTzawQ2ca4Cye:jzf4QRzPvGflPfuZQT2cz5
Score

1^/10
behavioral27 behavioral28
- Target
  
  [WPF]JJDown/OrderEXE/Microsoft.Scripting.AspNet.dll
- Size
  
  44KB
- MD5
  
  3c0963d22439ac85c489ac2758bf39c7
- SHA1
  
  e24dfc78e18c30f1cbe7f138e9c826c341623171
- SHA256
  
  eb68e88164d397edf1e164e99670c9630dcc18120bee052ab285195703e4fcf1
- SHA512
  
  e10c816b29cffa47bf38120f3663ca2a096838cfd7309270c5ed0d41d43ea8d85ce53107dece165b9bc7e4c7c338b096f2085dc0793c519c01350d0c1c43534b
- SSDEEP
  
  768:NNl40/hlcLMALTlvfL0/d8oHGJCk9yZciVFv7IXYp3WD9h3txT7bC:t40/h2LXLRCd8oHMCk9yuinIop3qtA
Score

1^/10
behavioral29 behavioral30
- Target
  
  [WPF]JJDown/OrderEXE/Microsoft.Scripting.Metadata.dll
- Size
  
  91KB
- MD5
  
  e6d8ff0fef031d1e4c1ed01a6ca7c62c
- SHA1
  
  1f783bcf4d56f02c5774a83cf190e18b24023584
- SHA256
  
  735601c54d59113311e5e94c43acccfb2d2f8a81a4b465951b3830cd82f09e22
- SHA512
  
  9a1bda279a9444d694b6bf1d3363b1768fbf7c17d4379d32ee3a0f405de6dc01db790f693c17da5c35d64bd656f3308309cbaa9eb515830f38ab8c97cd3f6062
- SSDEEP
  
  1536:YQ9jdvLMYzcE7uOmflGf4ZKnSOzLvKXlLJ/a/x/j/VYS+S9/58OKZ/GHXa8Bl4GN:9Lfug4ZKnSOzLvKXlLxa/5DVYS+S9/5h
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

.NET Reactor proctector

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32