Overview
overview
10Static
static
3-°¦n+¦++.exe
windows7-x64
1PC远控测试-.exe
windows7-x64
3vip文件�...��.exe
windows7-x64
10菲律宾�...P4.exe
windows7-x64
6远程控�...2).exe
windows7-x64
3远程控�...2).exe
windows7-x64
3远程控�...�-.exe
windows7-x64
3远程控�...�-.exe
windows7-x64
3钱包收�...2).exe
windows7-x64
3钱包收�...�-.exe
windows7-x64
3General
-
Target
chinese telegram shit lol.rar
-
Size
8.2MB
-
Sample
241218-z9z3essrer
-
MD5
58033d556161da7f1a3e06d572ff9a3d
-
SHA1
85747cfdef83885e211ae59281296d559e8ad993
-
SHA256
f5d8f3789b735ac3a21997797feaf45101ed73315e2a31434618f4f902b9317b
-
SHA512
0d6bf7304d97e4d99f7c5c82185d76a745004ec75892bec95b4703384d50e6436be0e4ecbb135b222fea9aab76aa0566dfd1440b116a00ed16999e974942cb24
-
SSDEEP
196608:LH+H/GbhpNrRGbhpNrEKKQdo+rqEOpJXxDdRHAaHx20Fqk7tQFZhmEe:EGbhpNrRGbhpNrDK0oQqTpBxDdRHnx+s
Behavioral task
behavioral1
Sample
-°¦n+¦++.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
PC远控测试-.exe
Resource
win7-20240708-en
Behavioral task
behavioral3
Sample
vip文件捆绑器.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
菲律宾王小柔疫情期间宾馆做爱视频流出.MP4.exe
Resource
win7-20241010-en
Behavioral task
behavioral5
Sample
远程控制 测试- (2).exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
远程控制 测试- (2).exe
Resource
win7-20240903-en
Behavioral task
behavioral7
Sample
远程控制 测试-.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
远程控制 测试-.exe
Resource
win7-20240903-en
Behavioral task
behavioral9
Sample
钱包收款地址强制更改器- (2).exe
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
钱包收款地址强制更改器-.exe
Resource
win7-20240729-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
http://klkjwre77638dfqwieuoi888.info/
Targets
-
-
Target
-°¦n+¦++.exe
-
Size
1.6MB
-
MD5
fa829b4b0756226de8b2b479f91c82f2
-
SHA1
9073db73807de596b99bec8ff7c54da632afb399
-
SHA256
b6cd133de42501483a7ba656c8727fe3f69961f0d9e3be7bafaf7747c68df775
-
SHA512
4cce7a3bc488e3c1108cd43305c182d56287345379123c8800055305d8bff6f6bf2b01e5f7f49d140c8d2b1f965b879de53bebca38755aa386b730d610e3d2ad
-
SSDEEP
49152:YrI6IISPM8EtQYJ7z0NdzF1Ech9P7Hg4F8hmslwX9:YYdPM3tQWf0jR19h9zUNg9
Score1/10 -
-
-
Target
PC远控测试-.exe
-
Size
2.6MB
-
MD5
b044b1bd454046017979442448a8e390
-
SHA1
ded32e08fde6485cd314872f0b5ee9d8b66233d2
-
SHA256
e351be996b4035fddffa0cbf6385568263edb38da2f6997487c15ac5fef3d905
-
SHA512
2334eeec197ff2ea07edb8ec165ad0fd3494d29adebfea4131c91081adb5705a9fc0f8683941869f7aaefc114857049001ca241aed585ec8dea42b2c76b305f8
-
SSDEEP
49152:VB38U5zFk1NhxsDT1T47R5FPfnH/EZUlimHQB5TxTE4CYn1bfHY2o:VtV74xswQBJxtf1b
Score3/10 -
-
-
Target
vip文件捆绑器.exe
-
Size
1.4MB
-
MD5
234673b74b8cf63fd7632fd016d5bf97
-
SHA1
b8879f89fb52c9a28adf6cb7a76fc4153a9ee498
-
SHA256
4f60677b90c4ef6a130b8df6ecacce77b8a3c10e2a38d9e76b03b169ae83f4cd
-
SHA512
5994c95447a37afae559dd4846b8ca9af4e6dd6450145d3201ecc66cfd0377b61bbc47a454f6934e08fe2bc1c64b5ed8705e2006542e8029cdd5ae7551107b13
-
SSDEEP
24576:89BQEqTGgNnJhiK54h0IvBkEp3W8AD/Dhd+y4lqJ8QdCYDoDNKn0RbpaoG8vn+Q:83XgtJhT9IvBsvD/DX+y4onCYDoDlNao
-
Modifies firewall policy service
-
Sality family
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
-
-
Target
菲律宾王小柔疫情期间宾馆做爱视频流出.MP4.bat
-
Size
340KB
-
MD5
f2b6aae38b2a7d7eccd29f0293420d72
-
SHA1
da9209e98438a66c6453010f65e2b5c427382963
-
SHA256
db0c34fd60009271f420ab7adaf04d4476d7939892b217930fffcb9757be60e2
-
SHA512
d3c49e2d6fb731c747144e1bb301f390aeb34b1e399c841bc76287519d6ad13cb34e4a3ae24986b0f43e94c31d40e357d51d360a436b7651a4d539c8fad99951
-
SSDEEP
6144:uAtrKrjDnYCADp9VekbJ2tPJKA1jImwa6mcF:DmYpDFbJ2s0jIxmc
Score6/10-
Adds Run key to start application
-
-
-
Target
远程控制 测试- (2).bat
-
Size
1.9MB
-
MD5
44726e1af933ac9132a40f8c00c44e48
-
SHA1
b18df355daf0060c46d1eda4f7e068c1788405c2
-
SHA256
455d89a6e91d21bfb20ecd18f48faf8bfe67a3e3e115d737695aa1fc3883e2b4
-
SHA512
74e4eace0b660e1a12701533dea886218b9846fad69d5316aa835196f8713eb6ae68402b5281d27e9274aab40f1a3762bb98ddc4a5e54b24a13be8a784515c71
-
SSDEEP
49152:ArC7FLl2Fk6TN8pO3LEKx5iM8h5ZTvS8mQZ47Kxc1cAArVJiVjefVFLS:fLl2Fk6TaO3LEKx5i5ZTSjQZ4mxi/ark
Score3/10 -
-
-
Target
远程控制 测试- (2).exe
-
Size
1.9MB
-
MD5
44726e1af933ac9132a40f8c00c44e48
-
SHA1
b18df355daf0060c46d1eda4f7e068c1788405c2
-
SHA256
455d89a6e91d21bfb20ecd18f48faf8bfe67a3e3e115d737695aa1fc3883e2b4
-
SHA512
74e4eace0b660e1a12701533dea886218b9846fad69d5316aa835196f8713eb6ae68402b5281d27e9274aab40f1a3762bb98ddc4a5e54b24a13be8a784515c71
-
SSDEEP
49152:ArC7FLl2Fk6TN8pO3LEKx5iM8h5ZTvS8mQZ47Kxc1cAArVJiVjefVFLS:fLl2Fk6TaO3LEKx5i5ZTSjQZ4mxi/ark
Score3/10 -
-
-
Target
远程控制 测试-.bat
-
Size
1.9MB
-
MD5
1abafb07254557a7e1c4045d16765c4d
-
SHA1
024ff7967ccc6e1237e74d23f2fab9840994a03b
-
SHA256
b784b6c6eb56fb91cb881a18e5e5ce630c96b5e49b131363c4776a097bb4bdea
-
SHA512
f24eabcdcfc932a9fb15042e200f8b2caf41cb2d7e718977fbaf16a14d8e1bbcf29cf7d7bdca715e0e26a88f7162b2ae8a4c2968f8036d940fd0e96d1ccf959f
-
SSDEEP
49152:lzvq2Kp7NXRRBChNoRhUfERKbVNK7hiwUOdj4rhEOX66VEl56r:o2Kp7NXlChNoRhRAbVNK7hiw14rKm669
Score3/10 -
-
-
Target
远程控制 测试-.exe
-
Size
1.9MB
-
MD5
1abafb07254557a7e1c4045d16765c4d
-
SHA1
024ff7967ccc6e1237e74d23f2fab9840994a03b
-
SHA256
b784b6c6eb56fb91cb881a18e5e5ce630c96b5e49b131363c4776a097bb4bdea
-
SHA512
f24eabcdcfc932a9fb15042e200f8b2caf41cb2d7e718977fbaf16a14d8e1bbcf29cf7d7bdca715e0e26a88f7162b2ae8a4c2968f8036d940fd0e96d1ccf959f
-
SSDEEP
49152:lzvq2Kp7NXRRBChNoRhUfERKbVNK7hiwUOdj4rhEOX66VEl56r:o2Kp7NXlChNoRhRAbVNK7hiw14rKm669
Score3/10 -
-
-
Target
钱包收款地址强制更改器- (2).exe
-
Size
2.2MB
-
MD5
4aa53cd852b2160cfe36a6623e099649
-
SHA1
63dadd832dc0c5d5a40a229a48bc5aa01ab59bc6
-
SHA256
3b98e8614b4244e0ffe0ddb86a07d8d35524ec36bc4a79ea89b556d246738ee1
-
SHA512
444f967c9c73435156746a82acaba6af74f7eb458b03e17e1f9cabbe7eae9f2bc106d9c798660ad2c1ac96211072c1e93f0c8e499770ee60987f381ab2d42bf8
-
SSDEEP
49152:ZQSZnqs5EVcsYSijtkw9ga68mhcAP0xYHw/ZgAa0h7hYs8Id69UVgx6y:WkqKEVc7tkw9g98mHPCYHw/+Mh9Zfd6J
Score3/10 -
-
-
Target
钱包收款地址强制更改器-.exe
-
Size
1.8MB
-
MD5
3009b7339dc5d42d9e303b44f0ac909d
-
SHA1
b2dd5280172f5b3f6580fbc9ef668752d76cccf6
-
SHA256
52575ef4a36b8a7c426e53dc595f7ec4680e972125a106aab51799e74dda2a45
-
SHA512
9c6b58083f241ea948d6e0445d228e0f7e0edc2c5a5f907328c27555d5febdff5e0f111e89dc1ca5490e487618ca35c12f60f0b945452615bee698476f47030d
-
SSDEEP
49152:YYDYIdixGgyRXDBRomq2hI+Vz7SAjqElseu/V5fLBYA9ULRUh:YhIdcGFx9Romq2G+VHSAjqEaJVhV1ULq
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
6