Overview

overview

8

Static

static

3

idm注册�...�.docx

windows7-x64

4

idm注册�...�.docx

windows10-2004-x64

1

idm注册�....7.exe

windows7-x64

8

idm注册�....7.exe

windows10-2004-x64

8

idm注册�...��.bat

windows7-x64

1

idm注册�...��.bat

windows10-2004-x64

1

idm注册�...19.exe

windows7-x64

8

idm注册�...19.exe

windows10-2004-x64

8

idm注册�...�.html

windows7-x64

3

idm注册�...�.html

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddcbe331e610f3a5cd579662826404aeff1f9ca5be2db4ca3e4e0fd923cc4b48

  • Size

    12.1MB

  • Sample

    241112-lzscyazfll

  • MD5

    b30805cedbd61cb3b83e8a21a008ddf9

  • SHA1

    dce3ff926bce1a7eb27a9db7b4a45cd99ef8ec3c

  • SHA256

    ddcbe331e610f3a5cd579662826404aeff1f9ca5be2db4ca3e4e0fd923cc4b48

  • SHA512

    4705b7ac59960aa83ea5818314861a0ba6003089e4888e150b8d4b54bf25c90b7f18abbeeb00137398e868e3cc5eb46d5a0820fcb8b14b3b15c19fa89a075bc7

  • SSDEEP

    196608:8u1TrE4jMmZXD+ehM/FP2XhcboUwBvYpglPP/YhB1lq7Snar2OvygolSB4:NY44m5L8oUYvMgyh3lqHyvR0y

Score
8/10
adwarediscoveryevasionpersistencephishingprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      idm注册机激活/B站外网油管下载设置方法.docx

    • Size

      494KB

    • MD5

      7568d5a37ea13c23388c7d9b0f557ac7

    • SHA1

      012776c41fc8810f40d67bc0d92ab3c9d2c10f95

    • SHA256

      d0092c80d3cc66f8516f92561840685f8ad9617bf07953812bf2b2a106c4ad32

    • SHA512

      9dbf8f5574341d8f28e3db892ee2c521f6da2f5844da383c979bb792a3823b3d3c54111fc1dc695fd190fe0e31fa5424bcb8aa2493ada80d588e602ce5533924

    • SSDEEP

      12288:Cg43aqmEuacAQEAI1pTSPO3aJ5tloaE7JYm:T4qqmz/AQfepz3aJ/lC/

    Score
    4/10
    discovery
    behavioral1behavioral2

    • Target

      idm注册机激活/IDM_6.4x_Crack_v19.7.exe

    • Size

      59KB

    • MD5

      27016937b5781c4f84b6b3432170f4d0

    • SHA1

      bc812a8c4d44a3503ffd6a46e4fdab925c622344

    • SHA256

      fc1a02b509b8f351ac45bd45efd4e7296b365545a48ffd6a14e8e07bc7189155

    • SHA512

      24a726276cc53c5a0d075d1bf930e24b3a1891e0754b17c28a5a35b5677fd792d9adb55e5e0a7fe18f056febb8af4a49a5a0fac33389205d1f4dcc0060422be7

    • SSDEEP

      1536:5ilGC+HMax3AZ5GiavgfreZCRIr71mazhAN5TAS:5igLV3SIareERU5mazh3S

    Score
    8/10
    discoveryevasion

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables cmd.exe use via registry modification

      evasion
    behavioral3behavioral4

    • Target

      idm注册机激活/IDM卸载后执行.bat

    • Size

      8KB

    • MD5

      66e736d158131ada43af4b98d84f880b

    • SHA1

      6ae6255d12b1aedc3218ad5593c1d7a49d3a74e0

    • SHA256

      1d83a1b5830aeef9533a2cacbabf880da6d71e17031dd1d46e1b3d3e5768d9fe

    • SHA512

      7a5896b4221608bf32a7d35fd268c896c41abc47c06a3e761f7d213a372e9d7080ed508f7bad1e3bbd9c0fd6563bfb45bf2081dc66d9c490caa8455d296b91cf

    • SSDEEP

      192:IJGsSXczOrcf1NrAfCvIzxflf0kREPTvDHbhgzrhtytc:IGdREjDHbaXic

    Score
    1/10
    behavioral5behavioral6

    • Target

      idm注册机激活/idman642build19.exe

    • Size

      11.7MB

    • MD5

      192103bacef3a33b70cecb80a1460acf

    • SHA1

      0e3ee8140234fe328a1ba397a937237acdf3aab3

    • SHA256

      25095f71f564f688bbbcedad14a192a7ad47cc4d8b14b3734423c0a955b5e8d7

    • SHA512

      cf3422b0f0baf9f985009497d28e4a03292b2fb75830fa4f17467bf0d328680c04d5d468b203d1170673443fab7daeede8fa094c3f68e1159e97ce41c6467198

    • SSDEEP

      196608:QP5pFarqiXVd99yuqWCNM5dI+UB2HEs1rS9fHNt/XZEZrAtVD2peog+cE+of:ebauiXVdLGnK22HVBSbt/ZWCKp77l+2

    Score
    8/10
    adwarediscoverypersistencephishingprivilege_escalationspywarestealer

    • Drops file in Drivers directory

    • A potential corporate email address has been identified in the URL: [email protected]

      phishing

    • Adds Run key to start application

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral7behavioral8

    • Target

      idm注册机激活/安装及使用教程.html

    • Size

      166B

    • MD5

      2d057ea83a1857ee629ad4b2718dc9a6

    • SHA1

      ff60e7b57c0d374cb3ce01a97b36db3a7c41f85b

    • SHA256

      016419f8453f79f96f041762456b075f813a061987819a3b3614aeb0ead71731

    • SHA512

      7c4859ce86afd3645fc561c5e1228249e06ad37632e676e6b56cffd76ecca94f0b207c9db0b2edabff46d2d94c44f8ac2bbebf23f31d30c51276c5ebfc3652d4

    Score
    3/10
    discovery
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Browser Extensions

1
T1176

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

4
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

6
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks