924459ad2d1a0a69dc25e4054c3bca92a0f3e3add5548751c8fa4178e9b0b706 | Triage

Sharing

General

Target

924459ad2d1a0a69dc25e4054c3bca92a0f3e3add5548751c8fa4178e9b0b706
Size

7.5MB
Sample

240901-eqg3aa1dmj
MD5

34ddcaa7d6966aab8468f60f5c94e377
SHA1

9134a572dc5c533a592c43ab989d2afba41f780d
SHA256

924459ad2d1a0a69dc25e4054c3bca92a0f3e3add5548751c8fa4178e9b0b706
SHA512

9aafb303a11c4e9c76e35daa877861cc1ae0d7c2c218f4c9bd0d4cf3793b96c9fcb7274c42cba1164a7438452e57c5d522db3506c5db77f25532563d5af25c1f
SSDEEP

196608:7oONGGuCpNHD0pAQ9wJ4fXEkYt4uWi0gzfGsLWc4N2jXWgF9:XpuYNHDtQ9wJ4fXEbtrWjgzfGc4NWd9

Score

10^/10

execution link qr

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://admin.xunhuweb.com

Targets

- Target
  
  zibll/action/comment.php
- Size
  
  8KB
- MD5
  
  dc0f00c03b5d014313304500aeb2c7f7
- SHA1
  
  1d0db2a4448071c757a6d94b444eaaf6fb151bc7
- SHA256
  
  50bd49047f122dc88c2d99e295764f70ba93ec72c7260fc999ee223fb426bbcf
- SHA512
  
  ee36f9ad2d63c759357c1446ed612fc787b0b904f2105e215ea554bfa6ece871da37a08989f4ec3a084b1681dad1539b84a5b01455f0a74f0023f2db4d031b0a
- SSDEEP
  
  192:IMZ1EUE+wv53M+rE0jrLxFNM8fE0j2oRIUVxfygT/4Oxika6oN+D2tCYc:GoSXgExFyzp6Ci
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  zibll/action/user.php
- Size
  
  24KB
- MD5
  
  589a9b4d60fc44a640d0bc5731987a7a
- SHA1
  
  5b9729f06df996cc8ce445f70a6e418213aa3b7c
- SHA256
  
  debf5a3119dd2eaa69fd34218eccdf53254bd65acf332ec87dd82479a1c0c0f4
- SHA512
  
  ebcce3c83d6c540f37a68f0469753b425d3f57b80bbe31be6724f595a9d1d50234e1c02a5fec2f90c1535cdfb6d05d0ad747e28389648c66d7b1b3c7fdd21b10
- SSDEEP
  
  384:xeUKwf8MaL/+M/tZIAo2xPlN2R8ffkdmOjYmPaIS9iOqHDWqHD4h:+HNLIDV8
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  zibll/go.php
- Size
  
  6KB
- MD5
  
  2f0d587afdde55dcf46d6faeea9c7b7b
- SHA1
  
  a2467b15d8af86bd6e204e72a0a4ea2cf4cf6fd5
- SHA256
  
  5f207fc347d228dba991a9bf687df087336c300628776a382854bd12c9a5a6fd
- SHA512
  
  70baf390057ca588e72191628b24d495112162030f3e191383aa635d341fcbc56d495a7dfc186d0815956301ffbc98a50c6df3600f53bf9d46ecb3ee9fab0dbd
- SSDEEP
  
  192:I0RZH9uUNXKOGnWGWuedczu+CQRfQRv4ReyJro:dGnWTcy+0
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  zibll/inc/class/SignatureHelper.php
- Size
  
  3KB
- MD5
  
  4ce6d450410b8f51f15252e0877731b5
- SHA1
  
  b31e223524685d9173afb4f12dab9043b304fce2
- SHA256
  
  5e6a076566c15cf0b267221c4b83bf06d327f16efd3a958ed3b9ecc6765bb7da
- SHA512
  
  1401b909219d47f3d2a6415d0acd015d7bf603269807f4f580d183893906dfa6a82ca9779cb771d9fa1785f542773907f7f7629c79ca95f1d6bf8ca0eb4094ec
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  zibll/inc/class/file-class.php
- Size
  
  51KB
- MD5
  
  675dbd3f5a28b2a53139040be3b23e6c
- SHA1
  
  716bc32b6dd689ed4cf1a9adb9294e4336e12ad7
- SHA256
  
  bad499165d35946a79d12576f81c51c4b00139a5fc9d8a988de03f363f2482cd
- SHA512
  
  4dd9bafc2b3cb5be788c6a57827e78381dada7e2277f50045a4d4a9e9e9bd381b21499ffbbd24ddf3a1a8fbcc2757d2c20acaf04135f24a024510b71c1dcb080
- SSDEEP
  
  384:8QRLrOgO070bgNaO+jCuTirHu+K3VRPyCUBWO70UUQrho6bmQdbSo268SK6+SMTD:8QR/JO07CYaO+jCBO+QzyCUCU7Toyw
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  zibll/inc/class/qrcode.class.php
- Size
  
  107KB
- MD5
  
  5e006740ba87e8dec27ed735081222ba
- SHA1
  
  c552a6635dd706c9730447b51139d9a9e95bbf26
- SHA256
  
  76161de64e48c9737c835b77dad593128e362c7aa493a0110541f907a3546691
- SHA512
  
  cd9f3c5744ab4e9fc8fac75f18da0eef662bdc47f3bbdd8eba1e070f8583f023570043e9a9ebc8812c46242f3c6af0f3450784c68f93f444c423b1d9801446e1
- SSDEEP
  
  1536:4yHgwobHl/0f0f0feNwXQFGk3viOXTCezJwkTK1ENcqRNWUFrvue:jgrznkENcqRXH
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  zibll/inc/class/sms-class.php
- Size
  
  16KB
- MD5
  
  2a7f95e1ee4dd0fd288f490804e245e1
- SHA1
  
  3fbd5ccdf2a4fc96891493d2fb23ae1fcff5428d
- SHA256
  
  2023c243e928b89830ed57da92db64e2e6d28870537d59724f7286baa8b3bd03
- SHA512
  
  c450431627e371a885aafe993752a53950f83f7a8eaa774caeca3e8202687d7bd4a8dd58b8ef37d9bc7882d9da598804d746615c7c15bd45ee9ecfb808a1fa6a
- SSDEEP
  
  192:5mkztLAvgEZNqPmLb0vmDEyf4ScjO7GMkBlUwPYjo7GwkCDDY4mIken9pNzbFeEC:1tIvP0ryrsiAPXoen9pNzsEbkh
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  zibll/inc/codestar-framework/assets/js/gutenberg.js
- Size
  
  2KB
- MD5
  
  6a6bcb28bea97ce6c9f61d52ac68b55c
- SHA1
  
  3e5407af119c9d00d857d14547772d414a926964
- SHA256
  
  b8a2f3671ef927a69f6ba6b1ec137fb5c25d24e8bd394d05c79ad30d3791304f
- SHA512
  
  e50313a64b61a9ed7096c3c00a495f046028773a78fb184cf127c256a93f3ad937cca9753fb34c5f44639aa548d661f459eb82f8162bb216caaaa2cb67514071
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  zibll/inc/codestar-framework/assets/js/main.js
- Size
  
  93KB
- MD5
  
  22b87ece8e24d15904da1da294bf0252
- SHA1
  
  2ee2afe183df5a96df2b264aef6a221da2f00c46
- SHA256
  
  6eac1cf0ecd0f0f3ba08ec3f0faf397eb60b1453839c00b29c28ea85c7722d4d
- SHA512
  
  d006edc236062ba93d620f3924e5ac43a2f7128975bdba9d4bc3cf12f654d5cd03ef6eff32edec5e6c6cd52f87859a4592e3ade540b2115e39bd2cf3e9793b6a
- SSDEEP
  
  1536:HxGxXHnopbZmOgOhoTWzl5KkI+8DBGWS11wLSS3hMzC/TPn:hpVbi+6q7U+zC/r
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  zibll/inc/codestar-framework/assets/js/main.min.js
- Size
  
  45KB
- MD5
  
  d15e28b0823e48cfae142a5053630f2c
- SHA1
  
  809a5d1e2b79b465a0052d9149b41286af00f231
- SHA256
  
  fa3305d69878828a01341a950d0b8ad73209fbd07bd9efbddd54f3ea06db3af6
- SHA512
  
  1011248b8f56aeb73fd31e25d8bdf22c4912199b8fcec589e97a707c66bd576c01a23491ef9cdd6d89abadc36c6cc70811846a127db836f314252b37fa67d278
- SSDEEP
  
  768:1yuDuU+yFpTAQuJnkkvyByyOzDZw7pzQf1Wjz4q+LoKrEauz:1yuDuUVTAQuJhyBtzAEz4qgoKrEauz
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  zibll/inc/codestar-framework/assets/js/plugins.js
- Size
  
  65KB
- MD5
  
  ae1f2460db78a83bb5ece4ef54710307
- SHA1
  
  93be62372efc86c07452c03faeee929cd16caa41
- SHA256
  
  984ecd9ea27f5130d3a8eff76c2ac49f0a801b82ed5d91d765893f154a8e17af
- SHA512
  
  16017cfb6a2c43777800dd0428dd44bb297984798667b431657735650606d8e5e44e14a9664c4d874c2f63a75eef6fdfc4dc0a3fd01214d97d52a8e2b34e2fe4
- SSDEEP
  
  768:OTtPknoi8obXt37SUuvHLW+lt6o6Yy8UUPNw/NHYGEPQtqmIrbWt0AQkD55HUeOB:OTRXVEwoxYyrUPNw/NHYCr6AQKUU0
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  zibll/inc/codestar-framework/assets/js/plugins.min.js
- Size
  
  37KB
- MD5
  
  e857a2941d5424299508f678969e390d
- SHA1
  
  d6487a3d6375c85488aadfdd16321ac8a3ef3599
- SHA256
  
  caff5c98fc226efae558d9417abd61809ec443bc714e59ea2b6d6a5faeeb46d2
- SHA512
  
  dc7c4247fa7cadf441e96f62248b50596e803d3cca59f2fb5c838d4dc307b08240e25191e8766f7e1a7b3f26a56ed259762e8b36bb6bfc8bc7ba08a2534cb980
- SSDEEP
  
  768:JBBDlsrptj96umwogXeVSBHN8gzwISZPfsu0IgrmxJ47eRx:JBBIpR/QEBHN8g5SZPfsu0lqxJz
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  zibll/inc/codestar-framework/classes/admin-options.class.php
- Size
  
  25KB
- MD5
  
  81af0f9b27753f687f697044b0f3ac4a
- SHA1
  
  84a42934869de6cd58736037e68beae3fa14fb55
- SHA256
  
  acd7284c7559f8b9c7b28fa0eacd957b995a616d20584f20da827d573d853c4c
- SHA512
  
  d814e38e01ec70bc00198ff4067ee4b1ad39777d2cab446891655b55436f0f23283d2ff8988778c6a8e1c4803dbe86039762e1ee70b130e7ed7080a625956763
- SSDEEP
  
  768:Wi4Y0eUaNDNgKZwZFvem4Virh0vZrSfKGr3W1XZFrE+:4eUaNDNgKZwZFvemUiavZrSfKGr3W1HL
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  zibll/inc/codestar-framework/classes/customize-options.class.php
- Size
  
  8KB
- MD5
  
  6952cc089824e89643af4bdab0b9a3f2
- SHA1
  
  2d4994505c9866a72b75f10d97a1f9f7fed8836f
- SHA256
  
  9799a39d494c4dc43a02001f0267c3452ad51c0b5ff1d2ccf398dfeae253a01c
- SHA512
  
  872c39c958b4c71f1188706b25ac5a9fdd77307787b293ac0665d9fc09cfe42278357250d8811a62988909e6a816c9568c23464e1d4958229455469fa5a85fb6
- SSDEEP
  
  192:YcrckaiiyiHDQ/yWDv6DYnJD2x90NfjAlmW:YcTdET0Y
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  zibll/inc/codestar-framework/classes/metabox-options.class.php
- Size
  
  14KB
- MD5
  
  a498f827171db9a60ba8adb0be411853
- SHA1
  
  145e7c46e83f67877920b4ccc5172a98f7abd6c5
- SHA256
  
  17175d990c2a2f74eaf11d75f287b7a87ff7092ffee90696577c9115da11a080
- SHA512
  
  0e69627fd8be0797d9aa569c9613780937f99a34a8954b5b7421996827c96b361a0df042d54df9d4d52f535b8213a48348f33b394b138e81695fbecd4225708b
- SSDEEP
  
  384:JFHRt3vBU8tm0WjXAjrvLt5B83V/OdaJpi1O7PKnXfQx/+PtXF2:7HRt3vBU8ttWjXAHTwOdaJpig
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  zibll/inc/codestar-framework/classes/shortcode-options.class.php
- Size
  
  12KB
- MD5
  
  891a87996b9ee3a4b3cbe5ad210a82ba
- SHA1
  
  d0d1d3f43f73be59cb2a0bcffb33ce1e3d76e26c
- SHA256
  
  c9f2e12a5f64433910ee9b3a09959866733610a9e9a47c82e68f2845c53dea80
- SHA512
  
  5534635cbada84cd90f2b6632dbf77888e391a9e108f09f2141e2be875f1e7eadf5298dcac03ea3a45757f0b2f659e404b9cb8c2d914ff0e85460be6fa037ada
- SSDEEP
  
  192:q5SKgDmWDe2FVybFE7eaO9aRO0S7h4Sh/VhYtM2/V2Zg2h5wcxSyvxZMYEZwiGD1:qEIE7eaOcR5WiShNhSM2N2J5wC1/
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32