aaf7c54dad03528bc3a028f8a945b97d7ae5d8ff7b0ebb18f0be3ca111f049ae

General

Target

aaf7c54dad03528bc3a028f8a945b97d7ae5d8ff7b0ebb18f0be3ca111f049ae
Size

5.5MB
Sample

250220-m3plwsvq12
MD5

ee09234a4d48f83bcb5cffa557e3de3a
SHA1

449f586e29a56dc0b1371a8032343de60fff2ddd
SHA256

aaf7c54dad03528bc3a028f8a945b97d7ae5d8ff7b0ebb18f0be3ca111f049ae
SHA512

2801ddb8f1e7f4ced387cc2c6a855f948f68257b1c1436237069e8b2af78390e321a955bdd5e40eb49b8ae1b7f867b28ab6048831f5b0d802701680cbbda83ae
SSDEEP

98304:0KhDCU+R7n6O6YBTbKt46j3dPx4gLAGBc2kH0cd+Qd7AYoRFlYbUCOSS:0Khh+lL66TetJLRLAQc2kfvMLFlYbUQS

Score

10^/10

Malware Config

Targets

- Target
  
  3、相关工具/禁制win电脑系统更新工具/Windows Update Blocker 1.7/Wub_x64.exe
- Size
  
  924KB
- MD5
  
  418dff42eea894a227f78935fbd8b059
- SHA1
  
  24c587c6f765bbbbe70f0d4c2f3a8654e8667a25
- SHA256
  
  bf79bb5da35061353485c7369cc5ecc9cecc79de7543bd71ce73f7192d0f6ec3
- SHA512
  
  ce7f3281dae81006edd545442d32cfe4ffa706964a0a8fc6e8c768fa1ca8a6b92a05a052b57849a73a5d6ecc70c1e4be3a858ddaae21f59a351ee226e248468d
- SSDEEP
  
  24576:q2DW/xbgX2YIbBQsu3/PNLKQ4HyAvsT7GUcUHJb:q2EUXgQsW/PNWQojUcUpb
Score

10^/10

defense_evasion
- Modifies security service
  defense_evasion
behavioral1 behavioral2
- Target
  
  dControl/dControl.exe
- Size
  
  447KB
- MD5
  
  58008524a6473bdf86c1040a9a9e39c3
- SHA1
  
  cb704d2e8df80fd3500a5b817966dc262d80ddb8
- SHA256
  
  1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
- SHA512
  
  8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
- SSDEEP
  
  6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score

10^/10

defense_evasion discovery evasion trojan upx
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies security service
  defense_evasion
- Windows security modification
  defense_evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  3、相关工具/谷歌浏览器安装.exe
- Size
  
  9.9MB
- MD5
  
  530630b5a09b9f4d326ad25ffc08fb6c
- SHA1
  
  13986e951b626098d32bf8c84b2e69cbf66c4957
- SHA256
  
  29f3d94a5f05d632a204033049f6e1888601494a90674992fdb2ee9fc8094df2
- SHA512
  
  98e48a4b1b191ad1fe4383fcc2126791442cf073da860384fc54a28237d1476414f41733c7dcd01a793a0b21c029c892ee8bb0e105513ccc98e4e6e63ef5569e
- SSDEEP
  
  196608:VpjYZ94Z6AhJ5NtGdDDIauMJZZCgdaTos7s4QA/rmYeus5dvXCKsJdVV3qHDYyYN:VpjwKZF5LGdDDvJZZCgdwbcAheus5xX2
Score

6^/10

defense_evasion discovery persistence privilege_escalation spyware stealer trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral5