General

  • Target

    5bdc0f75a9f85a09d9e656d5a9b2ddc21022ca78800545662a46b55a6f3e4200

  • Size

    8.9MB

  • Sample

    241029-yy3thazajr

  • MD5

    b62424b169930bc29b071c14dc789f17

  • SHA1

    56ad276e0e7d6bce77bbda4b5f70d6634a2b3be6

  • SHA256

    5bdc0f75a9f85a09d9e656d5a9b2ddc21022ca78800545662a46b55a6f3e4200

  • SHA512

    e039190a081cfb14e0339568de6f85a2c1a81ae87089eb15fea384afe1934d1fc1788e7dfca0d7aed4626bbcf2b30eab671b3c39aef420d3bb5472ddd7664386

  • SSDEEP

    196608:JBkYkcFcz+GT9e21I2GLy0lC9Sb+azzH/rndyYA+g2FZC5uJNJp:gEczZT9e7y0QnuHDntA+PTC5uJXp

Score
7/10

Malware Config

Targets

    • Target

      【GM工具】/Galaxy2d.dll

    • Size

      915KB

    • MD5

      296c786839cfe656dcb7a6ba5e866109

    • SHA1

      4f420c8dfd8f10235ac51420d7c6228e9d4ed2d5

    • SHA256

      8c2d4ec2ef0808e9339e5eca5388b375f0b28b4c0f2e0d453e0691ac3616c5d3

    • SHA512

      197905df5ea5fca9796e2a6458466e8b4b75f23b298d41b63369eb298dfb9a7190633801b18822c4a66641cf822c8a11b1a146577da7411b672e94b023e5a346

    • SSDEEP

      24576:mpKuvWMrY8kZraVkHE2XaXkqekppRZB+e:mNuMs8kZ+O3CjDppRL+e

    Score
    3/10
    • Target

      【GM工具】/WString2ID.dll

    • Size

      9KB

    • MD5

      ecb2db6770576733ad546da05c4daf32

    • SHA1

      5fb086623b1ef65a06222bc1ed1ac86245f9c319

    • SHA256

      5b471289d437a930230c3d28d8152330c759454e1ec1d76fd504a876d483cdc8

    • SHA512

      b908cdb33a34a98df3df49ca3903b8da3a5377354010a155068a98601baa44e849c2d97f0c45b72fa27098eabbb1524d6f3a80e3a0c62c7a66f0f6ec63b7d2ad

    • SSDEEP

      192:zAWneKTu97npP//VvuQXQi1pbPG1QTxe3XPEqxQ6bBGDro:UqiJpP/1uO1NJC/h28

    Score
    3/10
    • Target

      【GM工具】/astart.dll

    • Size

      27KB

    • MD5

      15e6debd29d8e31ed63dc3bfcbf26311

    • SHA1

      0b8caf0c040c303d19035fed90bf20e35f193ef7

    • SHA256

      9113f41809be33566190a4f7b20378d69135a61028be33c0696163e8fe862a77

    • SHA512

      972c00b26f9fe983530d7020e5c4426a4b237ea81a1da40c1444497d783bf9fe4b3b31589b3be1d943e05e9c67450f56794572eb2cf04011e3fa624da0849122

    • SSDEEP

      768:+h1O4X9vvhwwcaKyyl6NEI3EY1IOfhbDdqT6:+hlvZAl6NL0YmOfeT

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/cjson.dll

    • Size

      20KB

    • MD5

      8726130a7964b1e1eb3defdfd1188754

    • SHA1

      c888acf5b70425b7fce49d0219fd4ba070a67fc4

    • SHA256

      2e0e14aabb5fc44d258957c34dd74b4957dfc4ae5603f76bc2263c87e9111ba2

    • SHA512

      c9e00c516d11a791b8bd610eed078628f930d5218edd6004f2cde2e72cdfd4c422b6d2ee1fa01b55e1ff49284b9eb6cb28887b1b1ccb57824c9069d369737dbc

    • SSDEEP

      384:3Evis/ZxucvM0eapY9qu8ufDyFtUnPVHxKN:xiIcvM0eaa9yufDbnd

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/fmod.dll

    • Size

      159KB

    • MD5

      b8d0cce2ca1cc850c8c6f25a70d855e6

    • SHA1

      e64409d3677b73c1ecb072f07f4630f50096e013

    • SHA256

      1e08da161cf78746304a834973971ee47a24817ee4e28df74e3f37dbbb383b22

    • SHA512

      a272920c38538e3e080b62bfe9e6c28191fd6d079d1af6861d56aa7197a408dce61609f8f2c280a1092a50a9bc36090ffae5d54bc36d20efb560c485d7123494

    • SSDEEP

      3072:IzyGFME1oz6ZnQoZGSSVtaCJzyQdRubKeuWW6VRjy3vwH5W1UEkV+hGRi0VaR/7n:IzyGH186VVZMtTddYG5X8DEqpsH2srJ

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/g2d.dll

    • Size

      908KB

    • MD5

      5a7e4900145854d0f2b0f7c338b7ed10

    • SHA1

      f2da30b282b6094e24ab9a970ec1249bf3796768

    • SHA256

      f5d8898c8573286ab8324c2f310c49d0cd88d6be3c6a002262068991ff316bfb

    • SHA512

      127c20db33118357c54704abf1d66ba44098c2fa09a7260c3f0ac8889e392cf55ea78e1b4225cf624e390a5a7f18e4f4c933a630f40eb0f140f4c69a8cc8234a

    • SSDEEP

      24576:peeMAR2FPr9rwWZZ3UopSBjDK+VDISq8IY0+e:gfI2FHqHVw8++e

    Score
    3/10
    • Target

      【GM工具】/g2d.exe

    • Size

      1.3MB

    • MD5

      24d54059eae783f0da6e90d2426b7cbb

    • SHA1

      77a69e0e71a6837bf50923f2361830ed2795f9c4

    • SHA256

      fceda9b830adc48db7541d54209c266261bbc706005f680ebc6f449463daa9c8

    • SHA512

      860443a21fa0782d7b898e9bed25b80cfe027dc80e81dae46bb6c218d4b7f21ef0985d47cb89b1083485e0321e37b48e62ff7ffd0d79b9d9721b47a75882ea77

    • SSDEEP

      24576:NirBetTOMpUGyG0d4C6WutottMmaxRl0eEcgLbANr9r8Vtc:NABkTnpUGyG0dyOMZdpEcg3Ir8VW

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/glow.dll

    • Size

      54KB

    • MD5

      6d91fa5acb17feb308d841a4cbaf5f2e

    • SHA1

      033a4d8de3a7dd5b815927ef31b9c28df871a68b

    • SHA256

      6039198f7133a7a8b31c054ba4d1133de0fdaa2801eb4be554b63a4dae0f22a2

    • SHA512

      33d9026e2ab52bb9eba462f0a4b21158be7be118433720bfd314e8b00c62a8061ef9490e35a1c711f229130aafbe9badf4728a8bb21ff796d558f51238c7548d

    • SSDEEP

      1536:BsmpVA2nEg1vaxBuOXLp8D0wExYXj+OmOnkDVwU:RIUKAOXLp8D0wExYXj+OmOnEw

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/gsub.dll

    • Size

      7KB

    • MD5

      afaf0c0807ce34cd5aa0cd88e392a9d5

    • SHA1

      2f2f360619eb388ec32387696e8707172468388d

    • SHA256

      0ffbe2710b4d5c5c925b065125cb137c5c3a9c5dcf5f0a630e00d638dde52e81

    • SHA512

      126b509d339adbc3c99df04c9cb7f2eb30bc93822a4e103821f2c89b05f16081c36e9d9f39c8e8fbec6589b07469842c0c4f65855e942bc54daa1337dd22afe2

    • SSDEEP

      96:OQHVZH2B1AbJDylhtP3LKuL9FTBcuKXNlS+410+QCsEwtCl9/I5CJlCxp:O6Tu1AbJOht/9NBcWBQCdwtc5IY8p

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/lfs.dll

    • Size

      14KB

    • MD5

      940c753e4910b30ee173e918d18792b5

    • SHA1

      f1d78fab6a867898c342bf60002ebf7767028565

    • SHA256

      ac35a39907ae4b50e20b5a052311e1785dc69846dae3bfdf4f4065090e8e6563

    • SHA512

      afd8a863bbcf5a7d73a7a11495fd678b0459b9a6ec2482f57738b8e01d70200b5dfc36f4814fe0939bc087776e0022dab9e99dc640272a2064212a5d950353c9

    • SSDEEP

      384:zmsF7upOnnMgiCH17D0tA7DE4VVnPV5PzX:HpnnXiCH130tA3FVnd5b

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/lua51.dll

    • Size

      175KB

    • MD5

      80927598edb56e96158a8a4937c30b63

    • SHA1

      88a115b8539d931af6f44fa28e8771574d6e97ad

    • SHA256

      85d5383ba42c0b8ad8af1b13bacb643fdb080f9c589c04ecee1311f67ee5dcb9

    • SHA512

      9f75162be574052931c39aae7b1afb879a1789e65eca54323bc5f52164e87f14e673d6504a9581c0bfd8b6f9fa0d6c1a066edf5fe71045349856cae237653b71

    • SSDEEP

      3072:0fQMnFKKe6xC2igr9ZH0R2yQs7lWk8+OH5W1kjs7MnkVOMP3UZv6/D006/Zw:VwVfzI2TJH5W1kjKVOW32v2D006/

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/luahp.dll

    • Size

      134KB

    • MD5

      a9f67ca0579057b1daa127a6f068f629

    • SHA1

      92382e73520db6823e2755ad77037a216937b3e0

    • SHA256

      9cf024fc51046dc6b451d49f450cc4eabeb2e196897b26e8dfcd7d23e5b2cd0f

    • SHA512

      248254d415f61cb1a487418b16bda10c0f594e3db4a91f7a41f83879c5153eea8274b9fe3e36b0916f993a1a5129f3abcb5f41435f753b669123ccbc6860d42c

    • SSDEEP

      3072:QRId1OT8AEvCNWiYYbxwBStHOb7aNhJ2Of05t7:Qqd1CvEvLiYuxwB2ub4aOf0D

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/minizip.dll

    • Size

      47KB

    • MD5

      c680c149dea78225d26a7e64ce0a075f

    • SHA1

      b2d63c435d176aa70e31357e8ff0d00deb871285

    • SHA256

      d883f4edb19747536fec497eed9523e56d6ec1378a82c8f2f58be2c6d8d2bf3b

    • SHA512

      ce18307a394fb2acb72baf40c679f1c8858885d854964b821a9ffcb174253698c8ac5d4ab17be00bb69093766d8e0d435b3562d9a2b179fb17a8dab041a975c6

    • SSDEEP

      768:CIgbWTUaYBhHJ/wp7SQTNRDd5DYVn8t4nToIf1SIO0m6kYNROZKd7eY:ClRBvIp7ran8t4nToIfMIO0jtOZmeY

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      【GM工具】/msvcp100.dll

    • Size

      411KB

    • MD5

      03e9314004f504a14a61c3d364b62f66

    • SHA1

      0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

    • SHA256

      a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

    • SHA512

      2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

    • SSDEEP

      12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8

    Score
    3/10
    • Target

      【GM工具】/msvcr100.dll

    • Size

      750KB

    • MD5

      a2fd450fd44d9b8ccd74acaeaa9957d1

    • SHA1

      6dcd17042e9cd0ac6fffc2bec8248e0367245595

    • SHA256

      a21022d0b096ee9fc07ef256babb7f96b21c0ff1e2d31f01ac35b19f0dd53108

    • SHA512

      aa080419735bffdd428ef619bd2b038e749e4349bc3e2aa7ac971c6d260cea9f154bbe15d824cb344f2d454798b5583ff8139d6269ee12dafd99da97f6ae3be3

    • SSDEEP

      12288:yQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8ha:LmCy3VQs9MtLjTgfa3kon9FaOdEc

    Score
    3/10
    • Target

      【GM工具】/msvcr71.dll

    • Size

      340KB

    • MD5

      86f1895ae8c5e8b17d99ece768a70732

    • SHA1

      d5502a1d00787d68f548ddeebbde1eca5e2b38ca

    • SHA256

      8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe

    • SHA512

      3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da

    • SSDEEP

      6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

Task           Tags              Score
static1        upx               7/10
behavioral1    discovery         3/10
behavioral2    discovery         3/10
behavioral3    discovery         3/10
behavioral4    discovery         3/10
behavioral5    discovery, upx    5/10
behavioral6    discovery, upx    5/10
behavioral7    discovery, upx    5/10
behavioral8    discovery, upx    5/10
behavioral9    discovery, upx    5/10
behavioral10   discovery, upx    5/10
behavioral11   discovery         3/10
behavioral12   discovery         3/10
behavioral13   discovery, upx    5/10
behavioral14   discovery, upx    5/10
behavioral15   discovery, upx    5/10
behavioral16   discovery, upx    5/10
behavioral17   discovery, upx    5/10
behavioral18   discovery, upx    5/10
behavioral19   discovery, upx    5/10
behavioral20   discovery, upx    5/10
behavioral21   discovery, upx    5/10
behavioral22   discovery, upx    5/10
behavioral23   discovery, upx    5/10
behavioral24   discovery, upx    5/10
behavioral25   discovery, upx    5/10
behavioral26   discovery, upx    5/10
behavioral27   discovery         3/10
behavioral28   discovery         3/10
behavioral29   discovery         3/10
behavioral30   discovery         3/10
behavioral31   discovery         3/10
behavioral32   discovery         3/10