Overview
overview
10Static
static
10ad515ec278...e7.exe
windows7-x64
7ad515ec278...e7.exe
windows10-2004-x64
7$PLUGINSDI...ol.dll
windows7-x64
3$PLUGINSDI...ol.dll
windows10-2004-x64
3$PLUGINSDI...rt.dll
windows7-x64
3$PLUGINSDI...rt.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/chkm.dll
windows7-x64
3$PLUGINSDIR/chkm.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...up.dll
windows7-x64
3$PLUGINSDI...up.dll
windows10-2004-x64
3$R0/$R0/Ba...up.exe
windows7-x64
1$R0/$R0/Ba...up.exe
windows10-2004-x64
1$_24_/Pers...x.html
windows7-x64
3$_24_/Pers...x.html
windows10-2004-x64
3$_24_/Pers...ent.js
windows7-x64
3$_24_/Pers...ent.js
windows10-2004-x64
3$_24_/Pers...mon.js
windows7-x64
3$_24_/Pers...mon.js
windows10-2004-x64
3$_24_/Pers...fig.js
windows7-x64
3$_24_/Pers...fig.js
windows10-2004-x64
3$_24_/Pers...ram.js
windows7-x64
3$_24_/Pers...ram.js
windows10-2004-x64
3BDBugReport.exe
windows7-x64
3BDBugReport.exe
windows10-2004-x64
3BDBugReportx64.exe
windows7-x64
1BDBugReportx64.exe
windows10-2004-x64
1BDDownloadExe.exe
windows7-x64
6BDDownloadExe.exe
windows10-2004-x64
6Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
19-09-2024 07:59
Behavioral task
behavioral1
Sample
ad515ec278d0e97347b6a527d1c3baf3d1d96ace5a7a724dd93de2fc3b9e6ee7.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ad515ec278d0e97347b6a527d1c3baf3d1d96ace5a7a724dd93de2fc3b9e6ee7.exe
Resource
win10v2004-20240910-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Src/Protocol.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Src/Protocol.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Src/Report.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Src/Report.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/chkm.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/chkm.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/insthelper.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/insthelper.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/reportsetup.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/reportsetup.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
$R0/$R0/BaiduPinyinWin10Setup.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$R0/$R0/BaiduPinyinWin10Setup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
$_24_/PersonalCenter/$_25_/index.html
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
$_24_/PersonalCenter/$_25_/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
$_24_/PersonalCenter/$_25_/js/achievement.js
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$_24_/PersonalCenter/$_25_/js/achievement.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
$_24_/PersonalCenter/$_25_/js/common.js
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$_24_/PersonalCenter/$_25_/js/common.js
Resource
win10v2004-20240910-en
Behavioral task
behavioral23
Sample
$_24_/PersonalCenter/$_25_/js/config.js
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$_24_/PersonalCenter/$_25_/js/config.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
$_24_/PersonalCenter/$_25_/js/tangram.js
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$_24_/PersonalCenter/$_25_/js/tangram.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
BDBugReport.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
BDBugReport.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
BDBugReportx64.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
BDBugReportx64.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
BDDownloadExe.exe
Resource
win7-20240729-en
Behavioral task
behavioral32
Sample
BDDownloadExe.exe
Resource
win10v2004-20240802-en
General
-
Target
BDDownloadExe.exe
-
Size
367KB
-
MD5
b5e16bd1f7edaa0d56c9e2ce65f35516
-
SHA1
ca4b7fc4c77680b8ce4b1bdbb2b231beb06c98e2
-
SHA256
91702ae34d17e643983accc23f937c0956d5d5e07b26871e025de4a6da85b696
-
SHA512
ec0fdc8d2a8b1f93a2282c0af139dddc637533758e65d6e2b052a8e20c8a031d3d4133e04c1c082981035a35afa552b219ac0503f43181c4d399f95581e91b29
-
SSDEEP
6144:HJwx+zTO02TvEUSzi1G6/InjNx9LtEmCR1/gxKrpU1QUTivq:HJwx+zTBtzi18xzBEmCRixBivq
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 BDDownloadExe.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language BDDownloadExe.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
pid Process 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe 2252 BDDownloadExe.exe