General

  • Target

    3afe50c79a875f69e4313cb8433c2996_JaffaCakes118

  • Size

    2.3MB

  • Sample

    241012-tyv2fatgpp

  • MD5

    3afe50c79a875f69e4313cb8433c2996

  • SHA1

    8f7c3f39ae883358c01747159ce4111c6b90adaa

  • SHA256

    53f3b7fac8720cfbbe3cd13b9cfb8280001472b76fc7d58a3922310c33833877

  • SHA512

    974f8706da397fa2f747d0dc9a8ad735c9d6fad31ce8e1c080a59b1d3a0faf4dff808099c572ffb7d0f527a6556f9eff886999f6f02c1eb3f5096a91ba695313

  • SSDEEP

    49152:PGCMX8pJFafRsI0QR4ar9qdEoFccciqHAAiJo+1:mG0jxqdE0clJQ

Score
9/10

Malware Config

Targets

    • Target

      Readme-说明.htm

    • Size

      3KB

    • MD5

      a27c416a8f0619326f06edabef6f66bb

    • SHA1

      a8caa5fe47ad58b8c65edfd4a4d959752c71d4da

    • SHA256

      462173c79244a072615b9cef65e9069e4b9cbb844127a24c0c3c8273369c9d62

    • SHA512

      a8a7565010cd16c15fa44a7efd4f8d4ac0c08f44433fca7cc5c1811a502ee59579529335e3e1032f463ccd4f19164edeb091a377ff2b89cc7af7edefe5f4ae28

    Score
    3/10

    • Target

      彩虹云点播 V 精简版 1.0.0.3.exe

    • Size

      1.7MB

    • MD5

      672a839d007193bf8d230e4fd3932eef

    • SHA1

      67a437cb98fc215cc8fb056342dff6a656e62496

    • SHA256

      2a0ec12345de914b5a2e4bc6e906119388172c22e6b9c245afe6fe5649d61165

    • SHA512

      46b3d46ecffaf5f86fadc3280b931824324230dbb9d9533d37595b0910b9c6377722ad011e13b2dd55c7838f22101da9933f02060285c36bb770b262333b7cb6

    • SSDEEP

      24576:3vDhvbkb2hF5yve7ZTm6uLLjBV8o3dYYxi/4PFk6dJFvS8G3K9:3rrhAQTKnBWNT8n9

    Score
    3/10

    • Target

      彩虹云点播 V12.8增强版.exe

    • Size

      1.9MB

    • MD5

      0e310af21a0d0a73aa05f82d0e880615

    • SHA1

      56e12f5fa1b80043fb5b0422905f46057ac59757

    • SHA256

      4be38eb96f3d27939a2983d98114e8cae1b3b71892d3d89c96861290986ccfc5

    • SHA512

      ff1d7abe4a695d03d6b1f3740c07352a1b225796ac670977965b71614a7925e25579f0d11b2a58ef6be99700a358978957befa5735a58e6d9f8ebe16e3c76a56

    • SSDEEP

      24576:BRIqr1AvNT4WeQgN02vXgYV5krLh6cagxWsnRsKUqnYHOPpSczU7U57fw5o/4:YGwbez624O56h6c5WSX8OhJyUdVQ

    Score
    9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks