Overview

overview

10

Static

static

5

Port免重...��.bat

windows10-2004-x64

10

Port免重...��.bat

windows11-21h2-x64

1

Windows 激活.exe

windows10-2004-x64

Windows 激活.exe

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be81f6811a84ccbe024618935ab04f973c647eca3e69f7a01eae9f434e6ec46b.iso

  • Size

    4.8MB

  • Sample

    240925-h745xssepl

  • MD5

    da40e30a84f928797fc8bc3b7391cba5

  • SHA1

    88d897bcb7d031e3413f62fd210aa2d40a0452f2

  • SHA256

    be81f6811a84ccbe024618935ab04f973c647eca3e69f7a01eae9f434e6ec46b

  • SHA512

    61446139e227b76956405433b5d70a882d19b7ad41abb6fa7c3117ded3047790f447de0780be33be38420dc817b1b01d2828378c6c83047807e6bde61daf50af

  • SSDEEP

    98304:88sjkjEVh1z8cS8jC+lJD24m4oVYUce2WruY0Kulf:ujUEPapEVlN2zVYhr2uDLJ

Score
10/10
evasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Port免重启即刻生效.bat

    • Size

      7KB

    • MD5

      52c1615ce1bd99130d2796825e009954

    • SHA1

      08eeb64b8ece5238e47c3dd635cee65f325994df

    • SHA256

      73ece56ada91a659752b3aa2d007d9c1416ead32c4b7d7bb36d06dfaee6e8a5c

    • SHA512

      880514fba9d0bb872d25296f769bf66b5bf357d282a0cae01d2e14f0ca5ff387b0d6b3aa78b3ba4683a56fe8df2f4a7d71bda1dfb9e3e4da0991d9bd20b19081

    • SSDEEP

      192:5ptzzQ8ROVrtOB956tmBeBlJ+RNhWlPx2dJZOxv:5pJz1ROVrtOB956tmBeBlJ+RNhWlPx2u

    Score
    10/10
    evasionpersistenceprivilege_escalation

    • Modifies firewall policy service

      evasion

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Modifies RDP port number used by Windows

    • Modifies Windows Firewall

      evasion

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

    • Target

      Windows 激活.exe

    • Size

      4.7MB

    • MD5

      83d63f204bee6e7e46ed8469bdb79b83

    • SHA1

      c784a661697a4488e3c0e0fe12aab801949b071a

    • SHA256

      46341858d2adb95569c9b188893199fae9824869ba7f2b99aa4fc36732963066

    • SHA512

      4ab5c995b3216305e1f3669fe2c4b19ca7876e4746f5cd9961e28d41ad51905f92d99efd3792c7e4fc302e447c54284bc6aa7bcfd79059ce1a86f4993934b2e7

    • SSDEEP

      98304:08sjkjEVh1z8cS8jC+lJD24m4oVYUce2WruY0Kulf:GjUEPapEVlN2zVYhr2uDLJ

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify System Firewall

2
T1562.004

Modify Registry

3
T1112

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Remote Services

1
T1021

Remote Desktop Protocol

1
T1021.001

Collection

Command and Control

Exfiltration

Impact

Tasks