b11ef2d6726310ccbe453a875986f36a28043b49ef18b56c254ceae09dab675e

Sharing

Copy URL

Twitter E-mail

General

Target

b11ef2d6726310ccbe453a875986f36a28043b49ef18b56c254ceae09dab675e
Size

3.1MB
Sample

241226-eaqpgswmhk
MD5

4697a25e8be390acb8455a6e4a5c200f
SHA1

33fab3d3e9efb4aef0a3853712898ce62cd98b6c
SHA256

b11ef2d6726310ccbe453a875986f36a28043b49ef18b56c254ceae09dab675e
SHA512

b80a1c9690bd7f8b8b157e102d026fcc487a18ee8896953aa67be80d3ec208ef3e3efbfa259ebe3750719d488c7ec15365b6e66968fa59a78cab0242472cc835
SSDEEP

49152:TyuUsbT9v9CVG+ciEcZ2cdZ4BRA0Thd27gB62EmXGQsW/PN0QNlZA7t39Aa:2Cd8G+c4K3tqgIpQ79nDa

Score

10^/10

Malware Config

Targets

- Target
  
  最新解锁/关闭更新/【步驟2】Win停用更新工具.exe
- Size
  
  939KB
- MD5
  
  9d6778f7f274f7ecd4e7e875a7268b64
- SHA1
  
  452fa439f1cc0b9fcc37cf4b8cfff96e8cc348aa
- SHA256
  
  187eeee9e518011de1b87cfb0ed03e12ea551e9011f0c8defdd0e4535e672da2
- SHA512
  
  d51df55a5f903ec624550e847459bfa52fb19e892a58fe2de41251d9d98890b36f26a4950ad75f900de0311b5330066aaece11ec5e549d5b3867a61a344e0b87
- SSDEEP
  
  24576:12DW/xbqX2YIbzQsu3/PNLIQFHyBvGThpZY9:12EmXGQsW/PN0QNlZI
Score

10^/10

evasion
- Modifies security service
  evasion
behavioral1 behavioral2
- Target
  
  最新解锁/关闭杀毒/【步驟2】Win10防毒封鎖工具.exe
- Size
  
  447KB
- MD5
  
  58008524a6473bdf86c1040a9a9e39c3
- SHA1
  
  cb704d2e8df80fd3500a5b817966dc262d80ddb8
- SHA256
  
  1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
- SHA512
  
  8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
- SSDEEP
  
  6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score

10^/10

discovery evasion trojan upx
- Modifies security service
  evasion
- Windows security modification
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  最新解锁/原理解释/Demon.dll
- Size
  
  171KB
- MD5
  
  c32e01ebaec0c994672b56bfa5410962
- SHA1
  
  c5b05d0eed4bbf95bd91c8f20928cd9e308d1396
- SHA256
  
  9502bccba5c8855d2b4e95197624d31a67d8f52e01b8957bdddb1f9d612a3faf
- SHA512
  
  bb3527a26d129a498c8637d4f06a58e4e028ef136c65fc3ddf330fa0829f2e49f774e3d5f995da9bc2e9ffdede688c3167d8023e084b804d3237bf7cb0e7175a
- SSDEEP
  
  3072:p/eb5wQUp+tZWiO2Gg7EZ8StYmijRAaCeu9CMRM:8uQUp+tZWiO2G4VStpijmM
Score

1^/10
behavioral5 behavioral6
- Target
  
  最新解锁/原理解释/Github_Injector.exe
- Size
  
  44KB
- MD5
  
  c6508a5f25d5c4eb876f3608fdda3e1d
- SHA1
  
  80d434d84608a48fe9063290abc9213ef91fbefd
- SHA256
  
  1b33712a143629c929df3a4d08eed00939296d9134ae95f5a1f0ab216451b110
- SHA512
  
  10a23fabcb86ded64c1231803b8300573b71e3c87d4d68eed799d0c918adc528658807cd2c49b18ee8271aede21aaa53e112e869959ef9f72ca55ccb27d2f416
- SSDEEP
  
  768:CoaTn/SslKcLq97cl8iWti8e8C86a8R8W8AcTxdxi6Ykoguhn0/Rqr3:Coen/SlcLoPit/Pko9nO
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies security service

Modifies security service

Windows security modification

AutoIT Executable

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8