Overview

overview

8

Static

static

3

IDM/!)卸载.bat

windows7-x64

8

IDM/!)卸载.bat

windows10-2004-x64

8

IDM/!)绿化.bat

windows7-x64

8

IDM/!)绿化.bat

windows10-2004-x64

8

IDM/423Down.url

windows7-x64

6

IDM/423Down.url

windows10-2004-x64

3

background.js

windows7-x64

3

background.js

windows10-2004-x64

3

captured.html

windows7-x64

3

captured.html

windows10-2004-x64

3

captured.js

windows7-x64

3

captured.js

windows10-2004-x64

3

content.js

windows7-x64

3

content.js

windows10-2004-x64

3

debug.js

windows7-x64

3

debug.js

windows10-2004-x64

3

document.js

windows7-x64

3

document.js

windows10-2004-x64

3

welcome.html

windows7-x64

3

welcome.html

windows10-2004-x64

3

welcome.js

windows7-x64

3

welcome.js

windows10-2004-x64

3

IDM/IDMFType64.dll

windows7-x64

1

IDM/IDMFType64.dll

windows10-2004-x64

1

background.js

windows7-x64

3

background.js

windows10-2004-x64

3

captured.html

windows7-x64

3

captured.html

windows10-2004-x64

3

captured.js

windows7-x64

3

captured.js

windows10-2004-x64

3

content.js

windows7-x64

3

content.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f86cc19d790eb25789bb0a85cce0a248b1e09e925fabae7b9e3ea849566a71f

  • Size

    10.8MB

  • Sample

    241001-ppf4pszanr

  • MD5

    f64fe88eb13b6953f34d025cb1f55b11

  • SHA1

    dff3c3fb50bf11dfb26aeea65099a91e9c8922d7

  • SHA256

    1f86cc19d790eb25789bb0a85cce0a248b1e09e925fabae7b9e3ea849566a71f

  • SHA512

    c04a978ee131bdd80caa87b1e5833cce5a3cf4b8760b61c82cae963de01d49d27fdae7a598607579ea758622599f030e9a472657f38a08ca8d7c3a4860622760

  • SSDEEP

    196608:SnollbR5W2xyooWXXNncRW5yvmnAJHrHITwMLpkVQLROPRzOPz36LKnkjXUAiK2T:soljr5NcRG+YGHUbpd8LpgueN

Score
8/10
adwarediscoveryevasionexecutionpersistenceprivilege_escalationstealertrojan

Malware Config

Targets

    • Target

      IDM/!)卸载.bat

    • Size

      14KB

    • MD5

      3decac4cda3e2c761b6c25a7c6afc8d6

    • SHA1

      857bac5e36b567021c39c90b0590aef558ae3f24

    • SHA256

      a058383a79b829bceeac7f183968adba2a38824c41f6d0bd3741ad9d753cf4d0

    • SHA512

      258efc5a8eca2d28a257783753a5c7242c8c5ea85e7d9c88515610d2e7c50eaa89164dc6fa3109fa3829604a67f88fa7ae2d63c11dbea0aca41cd19da6b4727a

    • SSDEEP

      384:4CFmoOfgEpLkHr5kkBQUsnLow8jS32AIF+uVF+uS:9r5kkBQxLow8jo2AL

    Score
    8/10
    discoverypersistence

    • Drops file in Drivers directory

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      IDM/!)绿化.bat

    • Size

      12KB

    • MD5

      1bed77dcf5fa3bc411cb49f9c025ebef

    • SHA1

      ff37c7a653bb3ab47aaaf76569fcc20a3aaa12ab

    • SHA256

      3a8c32da985dc8294ab781865dbe28413c9d34853e4ce0084bdedca644f5e6ff

    • SHA512

      dea77a5a7bfdb9317f482e4da6cad2ade907e0b9931b1941838dae3d791c7077f1ac61b0327634d9fd26c45f1c37044e97c2df01cdc9110cf22f43a0a715cf4d

    • SSDEEP

      192:ev1sv7KbivUXiT5hzW/AHWLx64EXh554/AAQ/AAv/AAa1jc3j:aSF4EuAfuo3j

    Score
    8/10
    adwarediscoverypersistenceprivilege_escalationstealer

    • Drops file in Drivers directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral3behavioral4

    • Target

      IDM/423Down.url

    • Size

      188B

    • MD5

      b2059163656eb8f22b01316ddb2815d1

    • SHA1

      be7680bef5af84b50980ea370e85c8fce924707e

    • SHA256

      ffe55c2d3687ceedc7307d5b7df085a10d946f04b5f46a1ff61c88fa53beed7f

    • SHA512

      480945fa03caeaadc81aec2f1872685aef44bafb73bb0a3be697c76696e181f80c2140084d7abdc2ace457e2de12aac63190310e8c3d47a6eced60aceda90a29

    Score
    6/10
    discoveryevasiontrojan
    behavioral5behavioral6

    • Target

      background.js

    • Size

      50KB

    • MD5

      3360f59420ce6061acf5fece057aa46e

    • SHA1

      773cc094383ece06422f23ca0e3751038d298b21

    • SHA256

      880a97be880618794fb1b7a26f7014ae55af12599ce1cb4aa41d1defe7220277

    • SHA512

      4b49e7a268242607e2eafce62065b16ac352390bf9d32e5ba296889496d2e23d659b8bacf1386768990ca3ebf65aac4441d64e6a32ada03d09bf1563201e22c0

    • SSDEEP

      768:CUsaomQ88cGPX/OY2Mn8ujEwLdjjkBq+kVAPfakbHaRTG/e:5lzGPPpBtkdkq3BbHaRj

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      captured.html

    • Size

      1KB

    • MD5

      5062f9d1df3d8e0f7ab6aa60b9ed8559

    • SHA1

      5a3f784811f44fc6c90f05c65f2293e2bb92bcdc

    • SHA256

      2e085475431e6f7e08159fb76f80b37ec1c73c708fb26a60acb581b491cba5c3

    • SHA512

      9b284a33645a8989403bd3676746413be76e0fe2acd84c28acc61beb5b058dc9f70c6bf6929a90281f876caf850032da2ca1b17fe4596c2506cfb0a667d47536

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      captured.js

    • Size

      776B

    • MD5

      f7e3f5cb96c0a35f6fb7ebb3bf93c0cd

    • SHA1

      979c0f54aa9a0468b364d75948f6d34335e2af93

    • SHA256

      38adc87d581741f9f17d7a0d346e651f9a1de6a0ccd08cee8e3945bcbff81055

    • SHA512

      7f1b856bf487fbe45cde398a24f57c813f8f32795dce1b2fd36ab0357b67b7efef23712a3944b79abfe2301dd9f0e248decc390ed15944171bf034c2d7346d54

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      content.js

    • Size

      17KB

    • MD5

      03d05e69335ff1c463a8b9efb4211165

    • SHA1

      4148e3f4c4e917354715bcc8727a3c420c2ea647

    • SHA256

      95f793789a0f7893982819cd73c5d2539aa0171b170ae7ad12807d75144bd58e

    • SHA512

      1cb6cf57bc2c23a85e88b53a40f9119310002f692aaaa20e54ed6314964a46f65d9abe7e432d52e69a5bc4c13a45f23bbd37f0e9b19bd24de9a6f291d18c1d02

    • SSDEEP

      384:T9F9Ku2FM54/07klXvSHI2wJuT/Lc5lFVZ7ZBaga6pWqVztFcwuKQHRheB9Nkn3c:TXWhlXvSHI2L/LMFVZ7ZBBa6ptVfc8QC

    Score
    3/10
    execution
    behavioral13behavioral14

    • Target

      debug.js

    • Size

      962B

    • MD5

      0570e1cc548b165f5e266528820b78bd

    • SHA1

      cd803dc2a653073c02fa94e171926a89144547df

    • SHA256

      af89b320349f3eeddb5d8a80397de9169299e408f3d92b98f416293ccd3b58bd

    • SHA512

      99ef362e4e01d37a637b92098422d3d6930f1e53705aa604fb5301f1e71f9e0a49d09d3d5211820d677d4ba6ce561dbf5143238a94d1e22c60c383fa648503d1

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      document.js

    • Size

      1KB

    • MD5

      c9c88ad8971b9beaba25a7c179a0d2d3

    • SHA1

      0df9d89492928911d91912e38868952939a3e655

    • SHA256

      154a952d27d1500b57dd1c63fe7cf51ec66daff96a55da34e8f9576b9992f32a

    • SHA512

      3d89e1f9fd76ae1754194930059af89877b44c397587cd536edf88a996b3988cfa092741e3a70711267cd02280e63d6070e47f6d5525d84566009271905450dd

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      welcome.html

    • Size

      3KB

    • MD5

      ec3104b7e51e547453b6f789e6408223

    • SHA1

      86c95e49d962af24b50e6af3b9709848e6a4790b

    • SHA256

      5a3b8e3a8bb4ceca8c76e92ff904bfcce6642d9f25d4cb645bf6f3c6c4994d87

    • SHA512

      216872e4e45139bc68f5e3c65bc41931e2d369e7d94f7faf981e6f19409a0420576c5ccf4305a418346d45d06666df9ba756403239421063403f0deeedbac776

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      welcome.js

    • Size

      1KB

    • MD5

      7dfb62a47993b3162172ee41ef00bc9e

    • SHA1

      656328a5f31a20ef5e51db8c670a671f02b982b2

    • SHA256

      a1fd35ed7f7ddb52faa430bcc20ef4dc50e0033da7a21da93fe4daa1650d45ed

    • SHA512

      c23e04e454e05ce012f882ae39411205ed47c83d0e512dfd62b4d1d2c678351a446d672a0d673b55905634fcd852979a231844059d9ce5d30241713366032dfe

    Score
    3/10
    execution
    behavioral21behavioral22

    • Target

      IDM/IDMFType64.dll

    • Size

      51KB

    • MD5

      c976ceb4be1daf3a848c11a4adf224ba

    • SHA1

      9ce2b9c6a3cefb6b5be69572c0c30f87322ef145

    • SHA256

      0479dda9f82192a7c8881413f8ca6a220e63a4811efadc497dbefc0f4c290441

    • SHA512

      3cb95b2048f5c62002656fec25c529caa6327481c0351364f1168a88583facf09631a7c20ae2fe125fd8eef422095528acf27183b242a5a36bcce45c4c327cb9

    • SSDEEP

      768:eak1cQ6KfFSF1F2Rcyg1wgRKZMMNbKYk4PHQBpjhXnZwPs0DDYW1MmOdbCk7v:KLwL2Rc7caIbKYrKpdJwPVDRDOlCk7v

    Score
    1/10
    behavioral23behavioral24

    • Target

      background.js

    • Size

      50KB

    • MD5

      3360f59420ce6061acf5fece057aa46e

    • SHA1

      773cc094383ece06422f23ca0e3751038d298b21

    • SHA256

      880a97be880618794fb1b7a26f7014ae55af12599ce1cb4aa41d1defe7220277

    • SHA512

      4b49e7a268242607e2eafce62065b16ac352390bf9d32e5ba296889496d2e23d659b8bacf1386768990ca3ebf65aac4441d64e6a32ada03d09bf1563201e22c0

    • SSDEEP

      768:CUsaomQ88cGPX/OY2Mn8ujEwLdjjkBq+kVAPfakbHaRTG/e:5lzGPPpBtkdkq3BbHaRj

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      captured.html

    • Size

      1KB

    • MD5

      5062f9d1df3d8e0f7ab6aa60b9ed8559

    • SHA1

      5a3f784811f44fc6c90f05c65f2293e2bb92bcdc

    • SHA256

      2e085475431e6f7e08159fb76f80b37ec1c73c708fb26a60acb581b491cba5c3

    • SHA512

      9b284a33645a8989403bd3676746413be76e0fe2acd84c28acc61beb5b058dc9f70c6bf6929a90281f876caf850032da2ca1b17fe4596c2506cfb0a667d47536

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      captured.js

    • Size

      776B

    • MD5

      f7e3f5cb96c0a35f6fb7ebb3bf93c0cd

    • SHA1

      979c0f54aa9a0468b364d75948f6d34335e2af93

    • SHA256

      38adc87d581741f9f17d7a0d346e651f9a1de6a0ccd08cee8e3945bcbff81055

    • SHA512

      7f1b856bf487fbe45cde398a24f57c813f8f32795dce1b2fd36ab0357b67b7efef23712a3944b79abfe2301dd9f0e248decc390ed15944171bf034c2d7346d54

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      content.js

    • Size

      17KB

    • MD5

      03d05e69335ff1c463a8b9efb4211165

    • SHA1

      4148e3f4c4e917354715bcc8727a3c420c2ea647

    • SHA256

      95f793789a0f7893982819cd73c5d2539aa0171b170ae7ad12807d75144bd58e

    • SHA512

      1cb6cf57bc2c23a85e88b53a40f9119310002f692aaaa20e54ed6314964a46f65d9abe7e432d52e69a5bc4c13a45f23bbd37f0e9b19bd24de9a6f291d18c1d02

    • SSDEEP

      384:T9F9Ku2FM54/07klXvSHI2wJuT/Lc5lFVZ7ZBaga6pWqVztFcwuKQHRheB9Nkn3c:TXWhlXvSHI2L/LMFVZ7ZBBa6ptVfc8QC

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

JavaScript

1
T1059.007

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Browser Extensions

1
T1176

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

2
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

Score
3/10

behavioral1

discoverypersistence
Score
8/10

behavioral2

discoverypersistence
Score
8/10

behavioral3

adwarediscoverypersistenceprivilege_escalationstealer
Score
8/10

behavioral4

adwarediscoverypersistenceprivilege_escalationstealer
Score
8/10

behavioral5

discoveryevasiontrojan
Score
6/10

behavioral6

discovery
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10