General

  • Target

    siyuan-v202411091638-win.exe

  • Size

    146.3MB

  • Sample

    241109-1kx27sshna

  • MD5

    e564a5ce53a743919b8220ba5f70da8b

  • SHA1

    c566b1305b9111afb845ea0d7b00fcc1f2e65b65

  • SHA256

    8839933eb3940fab3ece0ccb3349e6ecae511f74e93b38d23071aabbd9d11123

  • SHA512

    3b76330ceee7bdd1129d365c36d29ba110db9b1f2f49a303e57b80e2be104e1df807fc9c7cc341a7bc926ac8a0143b0884497655fa2df19f1a14a785d5fb2386

  • SSDEEP

    3145728:sMTHFumxmKr3zHZ2LbpFeA+CI3Y7hudV1PAgcol8TfG1vS2EQd:sMTHFuCv2LbpFdrIdV22Swd

Targets

    • Target

      siyuan-v202411091638-win.exe

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      LICENSES.chromium.html

    • Size

      9.0MB

    • MD5

      c5de877a372447fdd303c1026fb432f2

    • SHA1

      6fc0a751edacbe061e97248fa550691225891030

    • SHA256

      4bf4dd1a05ecba975c90d85117dea74b0e94114f882bb26a7e7d1029afe8fda8

    • SHA512

      b3079b18419ca854118e12e8d4681c9e66ae55fbb1f69cfb3ef6322a1c17557c0adbfab5ced030133af814d39483a2b5c7090ca3abb545e8808ffb6abe6b3ae6

    • SSDEEP

      24576:G8QQf6Ox6j1newR6Xe1VmfQ6k6T6W6r656+eGj7dOp+:fGyeGd

    Score
    3/10
    • Target

      SiYuan.exe

    • Size

      177.7MB

    • MD5

      37140ef60e8dfdb594e7f8495c7a03e4

    • SHA1

      14f35d3ee9085e88c04438384ca06c2ec886746b

    • SHA256

      21614db7e95bbf9f7b605773db9f2f6ed47159c1a0bd9e8590ad5c636e90cb5c

    • SHA512

      3e51b9c20527a8471728ae0f8603ab654078bf03796dd221cb9c3a704a130c639f4178934fcbc5753b538fff2258f6e0c5f05098345e4bc677587bd188822f6f

    • SSDEEP

      1572864:kFKALQ5P9sbWJqVMw17uzZ5sJ8XDQ+/99HOBil8mtSGjZ+BOh+b3exaNk2CcV1lx:SZ9Vk91jpwM9

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      a7b7470c347f84365ffe1b2072b4f95c

    • SHA1

      57a96f6fb326ba65b7f7016242132b3f9464c7a3

    • SHA256

      af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

    • SHA512

      83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

    • SSDEEP

      49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc

    Score
    1/10
    • Target

      ffmpeg.dll

    • Size

      2.8MB

    • MD5

      ac8b92d611808fa706fc66b0cbd2b47e

    • SHA1

      edf4499624a0bf7c39dde8bb9851c6a32775fcd2

    • SHA256

      e7e3072809129e705674b9e36d4f282a013cb9e08e8951b2cf421c77f5c8d15a

    • SHA512

      3cd98bb9b57fbd7184ba0f2b59529eace03e06f9b532032a98273b5e7fba26fdfb2ee22e09fdac57147fc7639e6d0d4955dbe94c85a19a5bde2d0b58cc9ec209

    • SSDEEP

      49152:kkzMF+in6Rjp84IEeOUmlyNTzk74y0V+X6CfTBPwN/4MT+fcX:kkXpCOUyy5Z96Q/Wk

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      473KB

    • MD5

      5f70bcd25192c2551161fd99bc44ced4

    • SHA1

      4d4f2f9c118d30c34f9b0c508fc16b4a2e5df7ea

    • SHA256

      a2a2b67ea9e03df00c54c2d2eddb463bae2e9730b23e525c2f979536476ded35

    • SHA512

      f2659ab8ade27bcf81a5b278c23615086bb4956ca32c755dd4e6f760a5284f2c81c237fd48b7daf300cdc2658d5340024d3481a61b678ae95c826e24d53dbf9c

    • SSDEEP

      6144:DeoMqSwktU6O8J6AGrIKLD0Rv8KRWAwi+u7fSGSetZu:PMeAQ8JFGrIKLDW9W2+u7fSGS5

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      8.0MB

    • MD5

      2a9b964d71d8c0a649a29b79c290571f

    • SHA1

      d1802c6950fa3b4e078819aed7f25fb2a2c4e19a

    • SHA256

      684b181eecf8acb21cec94aecad6511dc9915b57d8c9524f9996b8c8d3adedd2

    • SHA512

      b25b67d0a61a1165e612313f7c49623f3fcb00f4a824a97e7485612c34026cbb935a27ba4c8dafcbd9fe30de2e646783bd139df02007edec46442aab26a7452a

    • SSDEEP

      98304:rsbPUQUHoQ5dKV0H4HrX7OBAK2dMNFR7VxVXC3OTW+:rsbP/UHoQ5AV++wAlMlVXmOT

    Score
    1/10
    • Target

      resources/app/electron/boot.html

    • Size

      1KB

    • MD5

      cb9e20015456e2667ae31461af98bb42

    • SHA1

      7a6bef55957f46e2301372166b28828d5cc2f632

    • SHA256

      d5ed6baac089b1902d3cdbb0defb92593bc83b6c3d52214dd284ccc83ec6ccc2

    • SHA512

      0bfde494578be09c540f1304a3f55cf5b5873ddc17762aa2ec10365b0f6b878060fbe5d6c8e2f35de058a0a06cedb0268f255329dbaca9b6580298a5febabde4

    Score
    3/10
    • Target

      resources/app/electron/error.html

    • Size

      5KB

    • MD5

      94aa7d1b415c99e62f8e64228fab58eb

    • SHA1

      e350ca1fb0790df414ef42d82f79a9a0c33bb158

    • SHA256

      a195b10ace5bb736b3fd68e7a81a8d03ed623a376a607adf39d22df9990b52a0

    • SHA512

      56b4715da8bc69567e87f18f19583910d27e93a6139cedbe1533b001d8687e3a78269cc657ba8824789ab7168a75099210f2f061138f652147d62ab27ad1f476

    • SSDEEP

      96:NQtasX/FtOkLjgRf2zfKstFUDBFEdbcH4sJuhVVL4DEtxQ4QQRP9KZI8xMhig:NQ0sXjOk+f2jiDAdbcH4551X82

    Score
    3/10
    • Target

      resources/app/electron/init.html

    • Size

      17KB

    • MD5

      816e0e1df715a353490ad55543daa227

    • SHA1

      d8d522f02b35f568fd2e5d2c4b46d7877f5478cb

    • SHA256

      403f6becc880471083914698965446e4ebe39e04ffbfee3313b573258b4e9951

    • SHA512

      3305978fa19a2db0bd2f5b50ab49f271ca2f1f66ecbbfdc152cee909849e587a185bcf8fcd59493ea4dfd2c7ec5b63f03c9d931f89722902aaeea1b1ff456dd1

    • SSDEEP

      384:MNR7sJrB6opEFr+l0nwGXRbWbRVq3/s1SDb+4LV+cYC2Wm:M/8k/+unwGhAqtGp

    Score
    3/10
    • Target

      resources/app/electron/main.js

    • Size

      54KB

    • MD5

      a1b6cc881ada7c7bf9ad4adc2ab1a7f8

    • SHA1

      1969138c8bc9be9d7c9e50b609bdfa940a77513d

    • SHA256

      a6b8f510c4b6f3cc0f10e364360da9c46f6fd7de22eed90116950d19d1acea14

    • SHA512

      9209d0f6dbd5c86927507e31b0b69f0beda728dbf75ee799e1d6497bfa51ff83abdc34edac9cd388f8a60998cd556ad35a7f9e45b0c426cf8b0dbe3e2427b1b7

    • SSDEEP

      384:abppLOWwY/Mc/yJrildGJiK3E5j3QxVV1yXxxqePhEuUW6D8jnsXcuGf8x0iRDCT:abTLF2klXC6hxXBYRj9FATn

    Score
    3/10
    • Target

      resources/app/node_modules/@electron/remote/dist/src/common/get-electron-binding.js

    • Size

      441B

    • MD5

      0106cf7d56f545a842d9b502c8e71f18

    • SHA1

      c3367470051e2e92e8237c7336247dd82bdcf7b0

    • SHA256

      f857a19eec43c9f8d97736c86057064c5b71fc14f6e773d1d7b1c268598bd309

    • SHA512

      d8713654bfe110315c6edccec830cf1e07c50f9d226d23be6d291c0c65ed52386fb19603d9b70aa7bb28a790236562574d33cbd49b2046c3e09d4eb2289d3695

    Score
    3/10
    • Target

      resources/app/node_modules/@electron/remote/dist/src/common/ipc-messages.js

    • Size

      77B

    • MD5

      8963201168a2449f79025884824955f2

    • SHA1

      b66edae489b6e4147ce7e1ec65a107e297219771

    • SHA256

      d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230

    • SHA512

      7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000

    Score
    3/10
    • Target

      resources/app/node_modules/@electron/remote/dist/src/common/module-names.js

    • Size

      1KB

    • MD5

      14276b7b32717dc8dc7b650eb8d130f3

    • SHA1

      982c496f24937e7ffba0b7ef4634c75f1081d73b

    • SHA256

      dfcea2c5575d2db51cb38b22c6b4958337746e6d75ba827f450a57b196856c16

    • SHA512

      58b13a89d03bf375a89a8e6cc4932d6a4e66eff54855d7fddf966ff6d90c3d5b2376a20216941cfc7ced2755edd5565633c2904b9b5432a5624fc0a3f006e950

    Score
    3/10
    • Target

      resources/app/node_modules/@electron/remote/dist/src/common/type-utils.js

    • Size

      3KB

    • MD5

      c70855b91decfa97bb38c04014e304e3

    • SHA1

      c6fc5f8877769e1d4210689f587fd5a4cf5fa5c7

    • SHA256

      4e4e7bda21b242e517b9b1b582a15a45e8135bc7f7b1f0e9b33e56181dea3ee8

    • SHA512

      41901684ada330b6aa143822ed2119df26be5ece733282ada2446c63676ba956990a414c5ca736d055d508ac4c0623aba72a4f471ad1861c2b59ed2ea3a88080

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

qrlink
Score
3/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

Score
7/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10