General

  • Target

    126012a7f569463bb63ce5ffb61d349b_JaffaCakes118

  • Size

    2.7MB

  • Sample

    241004-h5z37avfmh

  • MD5

    126012a7f569463bb63ce5ffb61d349b

  • SHA1

    baac6798d176519be7a4543a463f748c7a65ea17

  • SHA256

    df5aba837feb48320815c88cf782d7d03fbad743df67009421300d10063ae7fb

  • SHA512

    5f08187269b018876ff17174abf82a66ea1272443a24014eac739934922ca9242ff96ab29cbf3ac86eda2e66f7ac4a76e4f52ae22a43704baf08dba8e35fc44b

  • SSDEEP

    49152:ax1/LMXyKgBwvCyOh+nf0VU4I/FYMacqQT7AAAJMbd278YDq0g2WjqjlRqyCkBW:ax1/LMXyr6MonfuUhCBy/AJMbd2W0gR/

Targets

    • Target

      DNF霸/24小时自动换卡.url

    • Size

      272B

    • MD5

      8dce0a5472418c26934c428b6112f772

    • SHA1

      9bd0108f1e6093cb320063f8c0651cf2012d5b2d

    • SHA256

      66827b9cdc3fd3a34a0b5cc425a65335a399cf854cea175d5217376befa574d4

    • SHA512

      c7b9a7c1b8e0054f28df584ed59daefd866b6eb3098709131e646efca183a62f0099ed43c772a83299c1ad572cd48840fbfd40303a1a1cc4f15c3d8b61e2b999

    • Score

      1/10

    • Target

      DNF霸/DNF1100外挂网.url

    • Size

      124B

    • MD5

      77673eb0699147772b556506a4f3e0c5

    • SHA1

      3f1b1d1f4e491e06459090068b27c0486fe6720d

    • SHA256

      9bd531da7731c24bd88ee14ef9a08bf282bec38c93e9486834e7e962009500f1

    • SHA512

      509304ab28a78ac2a9a4f763529544d2aec1507b388ed32bf4e09fde93de0ade00e0d05a8d1e22d4d91996f71b74c37cab041e00191aee1fcdb686d78698dd6f

    • Score

      1/10

    • Target

      DNF霸/DNF掉线数据清理2.0版.bat

    • Size

      973B

    • MD5

      8e964967bb8c05e94bb61cde82a1feed

    • SHA1

      631600490dd459ee5c4b471c364e5c04bbca74be

    • SHA256

      6dc629b410caaa9d3a656bb8882b9a33413f9067a8735678890eb3ecf0db8564

    • SHA512

      f97bef5a6e45309848db43aa854cf5931bbcf0e018a6a552be62aa9b265a375f63a5fae28bf7652c4fc7a45b4ba7a7648906d2d2cf74d2b52d0d150a3fc9fa7e

    • Score

      7/10

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      DNF霸/Launcher.exe

    • Size

      4.0MB

    • MD5

      d130cc1205774d1a491b5b7b9d7969e1

    • SHA1

      391a4dbdb19e1804986cea3afad3425da0706797

    • SHA256

      ce7cbd9f89f7a64c584ed4ed7ebf0b15ed889af3b2ebd4d0de5f96543a0093e9

    • SHA512

      cdfb88fc2f30525f2fef88b37028ea2415692060fb31b173fa48e451624a042b0076d73d1c5eaed69210ab9709a872c1148a89f143706fdc12b55d08c7956dfe

    • SSDEEP

      98304:R+qLGHz5mG0UBXvFppUZCWVYcfEjUbtEE/:D4z5mmBXBuCWJfEjUbF

    • Score

      7/10

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
