Overview

Tasks (score, sample, platform):
- 8 Static (static)
- 3 IDM/!)卸载.bat (windows7-x64)
- 8 IDM/!)卸载.bat (windows10-2004-x64)
- 8 IDM/!)绿化.bat (windows7-x64)
- 8 IDM/!)绿化.bat (windows10-2004-x64)
- 8 IDM/423Down.url (windows7-x64)
- 6 IDM/423Down.url (windows10-2004-x64)
- 3 background.js (windows7-x64)
- 3 background.js (windows10-2004-x64)
- 3 captured.html (windows7-x64)
- 3 captured.html (windows10-2004-x64)
- 3 captured.js (windows7-x64)
- 3 captured.js (windows10-2004-x64)
- 3 content.js (windows7-x64)
- 3 content.js (windows10-2004-x64)
- 3 debug.js (windows7-x64)
- 3 debug.js (windows10-2004-x64)
- 3 document.js (windows7-x64)
- 3 document.js (windows10-2004-x64)
- 3 welcome.html (windows7-x64)
- 3 welcome.html (windows10-2004-x64)
- 3 welcome.js (windows7-x64)
- 3 welcome.js (windows10-2004-x64)
- 3 IDM/IDMFType64.dll (windows7-x64)
- 1 IDM/IDMFType64.dll (windows10-2004-x64)
- 1 background.js (windows7-x64)
- 3 background.js (windows10-2004-x64)
- 3 captured.html (windows7-x64)
- 3 captured.html (windows10-2004-x64)
- 3 captured.js (windows7-x64)
- 3 captured.js (windows10-2004-x64)
- 3 content.js (windows7-x64)
- 3 content.js (windows10-2004-x64)
General

Target: 1f86cc19d790eb25789bb0a85cce0a248b1e09e925fabae7b9e3ea849566a71f
Size: 10.8MB
Sample: 241001-ppf4pszanr
MD5: f64fe88eb13b6953f34d025cb1f55b11
SHA1: dff3c3fb50bf11dfb26aeea65099a91e9c8922d7
SHA256: 1f86cc19d790eb25789bb0a85cce0a248b1e09e925fabae7b9e3ea849566a71f
SHA512: c04a978ee131bdd80caa87b1e5833cce5a3cf4b8760b61c82cae963de01d49d27fdae7a598607579ea758622599f030e9a472657f38a08ca8d7c3a4860622760
SSDEEP: 196608:SnollbR5W2xyooWXXNncRW5yvmnAJHrHITwMLpkVQLROPRzOPz36LKnkjXUAiK2T:soljr5NcRG+YGHUbpd8LpgueN
Tasks

Static task:
- static1

Behavioral tasks (task, sample, resource):
- behavioral1: IDM/!)卸载.bat, win7-20240708-en
- behavioral2: IDM/!)卸载.bat, win10v2004-20240802-en
- behavioral3: IDM/!)绿化.bat, win7-20240708-en
- behavioral4: IDM/!)绿化.bat, win10v2004-20240802-en
- behavioral5: IDM/423Down.url, win7-20240903-en
- behavioral6: IDM/423Down.url, win10v2004-20240802-en
- behavioral7: background.js, win7-20240903-en
- behavioral8: background.js, win10v2004-20240802-en
- behavioral9: captured.html, win7-20240903-en
- behavioral10: captured.html, win10v2004-20240802-en
- behavioral11: captured.js, win7-20240704-en
- behavioral12: captured.js, win10v2004-20240802-en
- behavioral13: content.js, win7-20240903-en
- behavioral14: content.js, win10v2004-20240802-en
- behavioral15: debug.js, win7-20240903-en
- behavioral16: debug.js, win10v2004-20240802-en
- behavioral17: document.js, win7-20240708-en
- behavioral18: document.js, win10v2004-20240802-en
- behavioral19: welcome.html, win7-20240903-en
- behavioral20: welcome.html, win10v2004-20240802-en
- behavioral21: welcome.js, win7-20240903-en
- behavioral22: welcome.js, win10v2004-20240802-en
- behavioral23: IDM/IDMFType64.dll, win7-20240903-en
- behavioral24: IDM/IDMFType64.dll, win10v2004-20240802-en
- behavioral25: background.js, win7-20240903-en
- behavioral26: background.js, win10v2004-20240802-en
- behavioral27: captured.html, win7-20240729-en
- behavioral28: captured.html, win10v2004-20240802-en
- behavioral29: captured.js, win7-20240903-en
- behavioral30: captured.js, win10v2004-20240802-en
- behavioral31: content.js, win7-20240903-en
- behavioral32: content.js, win10v2004-20240802-en
Malware Config

Targets

Target: IDM/!)卸载.bat
Size: 14KB
MD5: 3decac4cda3e2c761b6c25a7c6afc8d6
SHA1: 857bac5e36b567021c39c90b0590aef558ae3f24
SHA256: a058383a79b829bceeac7f183968adba2a38824c41f6d0bd3741ad9d753cf4d0
SHA512: 258efc5a8eca2d28a257783753a5c7242c8c5ea85e7d9c88515610d2e7c50eaa89164dc6fa3109fa3829604a67f88fa7ae2d63c11dbea0aca41cd19da6b4727a
SSDEEP: 384:4CFmoOfgEpLkHr5kkBQUsnLow8jS32AIF+uVF+uS:9r5kkBQxLow8jo2AL
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Adds Run key to start application

Target: IDM/!)绿化.bat
Size: 12KB
MD5: 1bed77dcf5fa3bc411cb49f9c025ebef
SHA1: ff37c7a653bb3ab47aaaf76569fcc20a3aaa12ab
SHA256: 3a8c32da985dc8294ab781865dbe28413c9d34853e4ce0084bdedca644f5e6ff
SHA512: dea77a5a7bfdb9317f482e4da6cad2ade907e0b9931b1941838dae3d791c7077f1ac61b0327634d9fd26c45f1c37044e97c2df01cdc9110cf22f43a0a715cf4d
SSDEEP: 192:ev1sv7KbivUXiT5hzW/AHWLx64EXh554/AAQ/AAv/AAa1jc3j:aSF4EuAfuo3j
Signatures:
- Drops file in Drivers directory
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Adds Run key to start application

Target: IDM/423Down.url
Size: 188B
MD5: b2059163656eb8f22b01316ddb2815d1
SHA1: be7680bef5af84b50980ea370e85c8fce924707e
SHA256: ffe55c2d3687ceedc7307d5b7df085a10d946f04b5f46a1ff61c88fa53beed7f
SHA512: 480945fa03caeaadc81aec2f1872685aef44bafb73bb0a3be697c76696e181f80c2140084d7abdc2ace457e2de12aac63190310e8c3d47a6eced60aceda90a29

Target: background.js
Size: 50KB
MD5: 3360f59420ce6061acf5fece057aa46e
SHA1: 773cc094383ece06422f23ca0e3751038d298b21
SHA256: 880a97be880618794fb1b7a26f7014ae55af12599ce1cb4aa41d1defe7220277
SHA512: 4b49e7a268242607e2eafce62065b16ac352390bf9d32e5ba296889496d2e23d659b8bacf1386768990ca3ebf65aac4441d64e6a32ada03d09bf1563201e22c0
SSDEEP: 768:CUsaomQ88cGPX/OY2Mn8ujEwLdjjkBq+kVAPfakbHaRTG/e:5lzGPPpBtkdkq3BbHaRj
Score: 3/10

Target: captured.html
Size: 1KB
MD5: 5062f9d1df3d8e0f7ab6aa60b9ed8559
SHA1: 5a3f784811f44fc6c90f05c65f2293e2bb92bcdc
SHA256: 2e085475431e6f7e08159fb76f80b37ec1c73c708fb26a60acb581b491cba5c3
SHA512: 9b284a33645a8989403bd3676746413be76e0fe2acd84c28acc61beb5b058dc9f70c6bf6929a90281f876caf850032da2ca1b17fe4596c2506cfb0a667d47536
Score: 3/10

Target: captured.js
Size: 776B
MD5: f7e3f5cb96c0a35f6fb7ebb3bf93c0cd
SHA1: 979c0f54aa9a0468b364d75948f6d34335e2af93
SHA256: 38adc87d581741f9f17d7a0d346e651f9a1de6a0ccd08cee8e3945bcbff81055
SHA512: 7f1b856bf487fbe45cde398a24f57c813f8f32795dce1b2fd36ab0357b67b7efef23712a3944b79abfe2301dd9f0e248decc390ed15944171bf034c2d7346d54
Score: 3/10

Target: content.js
Size: 17KB
MD5: 03d05e69335ff1c463a8b9efb4211165
SHA1: 4148e3f4c4e917354715bcc8727a3c420c2ea647
SHA256: 95f793789a0f7893982819cd73c5d2539aa0171b170ae7ad12807d75144bd58e
SHA512: 1cb6cf57bc2c23a85e88b53a40f9119310002f692aaaa20e54ed6314964a46f65d9abe7e432d52e69a5bc4c13a45f23bbd37f0e9b19bd24de9a6f291d18c1d02
SSDEEP: 384:T9F9Ku2FM54/07klXvSHI2wJuT/Lc5lFVZ7ZBaga6pWqVztFcwuKQHRheB9Nkn3c:TXWhlXvSHI2L/LMFVZ7ZBBa6ptVfc8QC
Score: 3/10

Target: debug.js
Size: 962B
MD5: 0570e1cc548b165f5e266528820b78bd
SHA1: cd803dc2a653073c02fa94e171926a89144547df
SHA256: af89b320349f3eeddb5d8a80397de9169299e408f3d92b98f416293ccd3b58bd
SHA512: 99ef362e4e01d37a637b92098422d3d6930f1e53705aa604fb5301f1e71f9e0a49d09d3d5211820d677d4ba6ce561dbf5143238a94d1e22c60c383fa648503d1
Score: 3/10

Target: document.js
Size: 1KB
MD5: c9c88ad8971b9beaba25a7c179a0d2d3
SHA1: 0df9d89492928911d91912e38868952939a3e655
SHA256: 154a952d27d1500b57dd1c63fe7cf51ec66daff96a55da34e8f9576b9992f32a
SHA512: 3d89e1f9fd76ae1754194930059af89877b44c397587cd536edf88a996b3988cfa092741e3a70711267cd02280e63d6070e47f6d5525d84566009271905450dd
Score: 3/10

Target: welcome.html
Size: 3KB
MD5: ec3104b7e51e547453b6f789e6408223
SHA1: 86c95e49d962af24b50e6af3b9709848e6a4790b
SHA256: 5a3b8e3a8bb4ceca8c76e92ff904bfcce6642d9f25d4cb645bf6f3c6c4994d87
SHA512: 216872e4e45139bc68f5e3c65bc41931e2d369e7d94f7faf981e6f19409a0420576c5ccf4305a418346d45d06666df9ba756403239421063403f0deeedbac776
Score: 3/10

Target: welcome.js
Size: 1KB
MD5: 7dfb62a47993b3162172ee41ef00bc9e
SHA1: 656328a5f31a20ef5e51db8c670a671f02b982b2
SHA256: a1fd35ed7f7ddb52faa430bcc20ef4dc50e0033da7a21da93fe4daa1650d45ed
SHA512: c23e04e454e05ce012f882ae39411205ed47c83d0e512dfd62b4d1d2c678351a446d672a0d673b55905634fcd852979a231844059d9ce5d30241713366032dfe
Score: 3/10

Target: IDM/IDMFType64.dll
Size: 51KB
MD5: c976ceb4be1daf3a848c11a4adf224ba
SHA1: 9ce2b9c6a3cefb6b5be69572c0c30f87322ef145
SHA256: 0479dda9f82192a7c8881413f8ca6a220e63a4811efadc497dbefc0f4c290441
SHA512: 3cb95b2048f5c62002656fec25c529caa6327481c0351364f1168a88583facf09631a7c20ae2fe125fd8eef422095528acf27183b242a5a36bcce45c4c327cb9
SSDEEP: 768:eak1cQ6KfFSF1F2Rcyg1wgRKZMMNbKYk4PHQBpjhXnZwPs0DDYW1MmOdbCk7v:KLwL2Rc7caIbKYrKpdJwPVDRDOlCk7v
Score: 1/10

Target: background.js (second copy in the archive; same hashes as above)
Size: 50KB
MD5: 3360f59420ce6061acf5fece057aa46e
SHA1: 773cc094383ece06422f23ca0e3751038d298b21
SHA256: 880a97be880618794fb1b7a26f7014ae55af12599ce1cb4aa41d1defe7220277
SHA512: 4b49e7a268242607e2eafce62065b16ac352390bf9d32e5ba296889496d2e23d659b8bacf1386768990ca3ebf65aac4441d64e6a32ada03d09bf1563201e22c0
SSDEEP: 768:CUsaomQ88cGPX/OY2Mn8ujEwLdjjkBq+kVAPfakbHaRTG/e:5lzGPPpBtkdkq3BbHaRj
Score: 3/10

Target: captured.html (second copy in the archive; same hashes as above)
Size: 1KB
MD5: 5062f9d1df3d8e0f7ab6aa60b9ed8559
SHA1: 5a3f784811f44fc6c90f05c65f2293e2bb92bcdc
SHA256: 2e085475431e6f7e08159fb76f80b37ec1c73c708fb26a60acb581b491cba5c3
SHA512: 9b284a33645a8989403bd3676746413be76e0fe2acd84c28acc61beb5b058dc9f70c6bf6929a90281f876caf850032da2ca1b17fe4596c2506cfb0a667d47536
Score: 3/10

Target: captured.js (second copy in the archive; same hashes as above)
Size: 776B
MD5: f7e3f5cb96c0a35f6fb7ebb3bf93c0cd
SHA1: 979c0f54aa9a0468b364d75948f6d34335e2af93
SHA256: 38adc87d581741f9f17d7a0d346e651f9a1de6a0ccd08cee8e3945bcbff81055
SHA512: 7f1b856bf487fbe45cde398a24f57c813f8f32795dce1b2fd36ab0357b67b7efef23712a3944b79abfe2301dd9f0e248decc390ed15944171bf034c2d7346d54
Score: 3/10

Target: content.js (second copy in the archive; same hashes as above)
Size: 17KB
MD5: 03d05e69335ff1c463a8b9efb4211165
SHA1: 4148e3f4c4e917354715bcc8727a3c420c2ea647
SHA256: 95f793789a0f7893982819cd73c5d2539aa0171b170ae7ad12807d75144bd58e
SHA512: 1cb6cf57bc2c23a85e88b53a40f9119310002f692aaaa20e54ed6314964a46f65d9abe7e432d52e69a5bc4c13a45f23bbd37f0e9b19bd24de9a6f291d18c1d02
SSDEEP: 384:T9F9Ku2FM54/07klXvSHI2wJuT/Lc5lFVZ7ZBaga6pWqVztFcwuKQHRheB9Nkn3c:TXWhlXvSHI2L/LMFVZ7ZBBa6ptVfc8QC
Score: 3/10
MITRE ATT&CK Enterprise v15 (technique, number of matching signatures)

Persistence:
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
  - Browser Extensions (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)

Privilege Escalation:
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)