Overview
General
- Target: 4x(24-06-27).rar
- Size: 30.6MB
- Sample: 240627-ssramaxeje
- MD5: d968f62a6d7bb3187c25b1eb53e0dae8
- SHA1: 3e1c59a45a923b15b7f32f5a1cc246be07b58c08
- SHA256: a47ef1b22b4797187294ec207237a8195273dab7d4543d46d5d23dafe520f853
- SHA512: b9711c7b8a2fa7fb6257d13738662e3ab381693aa642a68f28f7a705b18e520cfb74d8e88ab04bfa8dd87d45f97bd86366ec5e3f33cb799b1cec833be6d5fe18
- SSDEEP: 786432:B72Jh0QWV3emCsQFEebPIGRl6XdXdf2zL:B72Jh0CTqaRSXpUL
Static task
- static1

Behavioral tasks (sample, resource)
- behavioral1: 2024po.exe, win7-20231129-en
- behavioral2: 2024po.exe, win10v2004-20240508-en
- behavioral3: Timo.exe, win7-20240419-en
- behavioral4: Timo.exe, win10v2004-20240508-en
- behavioral5: [D]2024年移动合作方人员出入管理门禁安装程序.exe ("[D] 2024 mobile partner personnel entry/exit access-control installer"), win7-20240611-en
- behavioral6: [D]2024年移动合作方人员出入管理门禁安装程序.exe, win10v2004-20240611-en
- behavioral7: 点击此处安装语言包.exe ("Click here to install the language pack"), win7-20240611-en
- behavioral8: 点击此处安装语言包.exe, win10v2004-20240508-en
- behavioral9: 票925452362131助手.exe ("Ticket 925452362131 helper"), win7-20240220-en
- behavioral10: 票925452362131助手.exe, win10v2004-20240226-en
- behavioral11: 考勤异常信息统计结果查询工具.exe ("Attendance anomaly statistics query tool"), win7-20240221-en
- behavioral12: 考勤异常信息统计结果查询工具.exe, win10v2004-20240611-en
Malware Config
Extracted family: cobaltstrike
- C2: http://weibogaming.icu:80/share.js
- user_agent (the beacon's HTTP header block, two headers):
  User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
  Host: weibogaming.icu
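The config above gives three network indicators of differing strength: the exact beacon URI on the C2 host, the C2 host on its own, and the User-Agent string. The User-Agent is also internally inconsistent: IE8 sends Trident/4.0 and IE9 sends Trident/5.0, so "MSIE 8.0 ... Trident/5.0" is a pairing no real Internet Explorer build produces, which makes it a usable (if weaker, corroboration-needing) heuristic on its own. The script below is an added example, not part of the sandbox report; only the host, URI and User-Agent come from the extracted config, while the proxy-log format and every log line are constructed for the demonstration.

```python
"""Match proxy-log requests against the extracted Cobalt Strike profile.

Added example, not part of the sandbox report.  The only values taken from
the report are the C2 host, the URI and the User-Agent string; the log format
and every log line below are constructed for the demonstration.
"""
import re
from dataclasses import dataclass, field

# Values from the extracted config.
C2_HOST = "weibogaming.icu"
C2_PATH = "/share.js"
C2_USER_AGENT = "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)"

# Trident (layout engine) token each Internet Explorer release actually sends:
# IE8 -> Trident/4.0, IE9 -> Trident/5.0, IE10 -> Trident/6.0.  Any other
# pairing never comes from a real browser.
MSIE_TRIDENT = {"8.0": "4.0", "9.0": "5.0", "10.0": "6.0"}
UA_RE = re.compile(r"MSIE (\d+\.\d+);.*?Trident/(\d+\.\d+)")

# Constructed log format: client method host path "user-agent"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')

# Constructed sample log; hosts other than the C2 are documentation ranges.
SAMPLE_LOG = """\
10.0.0.5 GET weibogaming.icu /share.js "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)"
10.0.0.7 GET www.example.com /index.html "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/126.0 Safari/537.36"
10.0.0.9 GET cdn.example.net /app.js "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
10.0.0.11 POST 203.0.113.10 /submit.php "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)"
10.0.0.13 GET weibogaming.icu /favicon.ico "Mozilla/5.0 (Windows NT 6.1; rv:109.0) Gecko/20100101 Firefox/115.0"
10.0.0.15 GET www.example.org / "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)"
"""


@dataclass
class Hit:
    line_no: int
    client: str
    reasons: list = field(default_factory=list)


def ua_version_mismatch(ua: str) -> bool:
    """True when the MSIE and Trident versions cannot come from one real IE build."""
    m = UA_RE.search(ua)
    if not m:
        return False
    msie, trident = m.groups()
    expected = MSIE_TRIDENT.get(msie)
    return expected is not None and expected != trident


def classify(host: str, path: str, ua: str) -> list:
    """Return the indicator names one request matches, strongest first."""
    reasons = []
    if host.lower() == C2_HOST and path == C2_PATH:
        reasons.append("c2-url")            # exact beacon GET URI on the C2 host
    elif host.lower() == C2_HOST:
        reasons.append("c2-host")           # same host, different URI
    if ua == C2_USER_AGENT:
        reasons.append("c2-user-agent")     # profile UA; other beacons may share it
    elif ua_version_mismatch(ua):
        reasons.append("msie-trident-mismatch")  # generic heuristic, corroborate
    return reasons


def scan(log_text: str) -> list:
    """Parse the log and return one Hit per request that matched an indicator."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # line does not fit the constructed format
        client, _method, host, path, ua = m.groups()
        reasons = classify(host, path, ua)
        if reasons:
            hits.append(Hit(n, client, reasons))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no} {h.client}: {', '.join(h.reasons)}")
```

Run against the sample log, the first line (C2 URL plus profile User-Agent) is the only high-confidence match; line 4 matches the User-Agent only, line 5 the host only, and line 6 trips the version-mismatch heuristic without any reference to this C2. Treat the host and URI as blockable indicators and the User-Agent heuristics as hunting leads.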
Targets

Target: 2024po.exe.vir
- Size: 24.9MB
- MD5: a85707d05ff5a760afb050684ff7ec53
- SHA1: 3e65e8722e8fb2590d6eb51621ac116d9e06e39d
- SHA256: f02847218879d4b9b16378ae8c217ae0d767f5a89eacdaa73b9abbe7371dff14
- SHA512: 9f36107b78363dbc637297b6f0dd395174ed86254f9a0d8a14ef2b73315915591b4e45a26d1601cad2a718d2e5b507a2fce9dcf13b2a95ef1f5c7a593b18eb91
- SSDEEP: 786432:Jsbf9sI8h2PdCeixMdSC7BMwOY9F2lGEA:Cghws4eY2G
- Score: 4/10

Target: Timo.exe.vir
- Size: 192KB
- MD5: 5ec5fd2a7ab1e0d940897a2ae2cbb537
- SHA1: 98422219f54f90ed0ba93e1d568ff1e57cdbc0e9
- SHA256: 176e5d0fdb77b787e6ea0622eaffffde1ed810a14393b15f1793b51a57a50be9
- SHA512: c2832bb147a1e231e1fd052538802ded7fbf08d563a98984ea94d4b376d4da666b3a6cf4032f609fc2ce5ba3218097a62d0df974bc4dd14c57fe6c3706114ff6
- SSDEEP: 3072:J6Bu8MeIh9kxFYlCR2zjkYavxyVCve9ehIe5NIgPA9FTJjcUyWU:JpKxFYlCR2zQYMwIOeE9AUfU
- Score: 10/10

Target: [D]2024年移动合作方人员出入管理门禁安装程序.exe.vir ("[D] 2024 mobile partner personnel entry/exit access-control installer")
- Size: 1.2MB
- MD5: 31d12c85fad4c87d200f24834dbdd54d
- SHA1: dff64c7fe5060c5beb8d3387f58daf2fcfef42a4
- SHA256: 5bb87482aca08d98dd1391f7b0f1a394b6a2e42f3ecf212f002f62e2059bd0c5
- SHA512: b12ed5e81ce97f9efa3ef1381f892577422517a24724dc977d65e0cc72ee3e2b22dfee21f796c976eb1e5aa2b5b3bbfa017d2100e8787791dad27c6d7d71d374
- SSDEEP: 12288:FICsXIYPcFFydh2ZkcnahSEiXhxGIknEJMq2BDaok1JyDx:2CsXxcih2znu0GIvJh1JyDx
- Score: 1/10

Target: 点击此处安装语言包.exe.vir ("Click here to install the language pack")
- Size: 10.8MB
- MD5: 44ce97dc5b3054dfb4999933219887b7
- SHA1: 23cedb5e66fbc1cf3c86a8812d6189ed3dd88b17
- SHA256: af884204ca0845632eb01c3a37a9d5609f2b7065b884500658da60080eaab617
- SHA512: e602db55a559e6c8f96d8dc222af5debc0025675d6fcf8e98e89d4efbd65811819d1e6c8c3467576b850ceb25e0891edb1b648e130caf66046fbc643a584ae04
- SSDEEP: 196608:PB/vhOCUMgKCZFB4IS+9G0eBF/6FLOyomFHKnPdfxxEBB2XCQkfLoaxA4JN1cdDD:PdJOCdgxZFBVeBUFqJbnf
- Score: 8/10
Signatures:
- Adds policy Run key to start application
- ACProtect 1.3x - 1.4x DLL software: detects a file protected with ACProtect.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
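Of the signatures above, the policy Run key is the one that leaves a durable, huntable artifact on the host: a value written under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run or the same path under the user hive, which Explorer starts at logon just like the ordinary Run key but which many persistence checks overlook. The script below is an added example, not part of the sandbox report: it hunts Sysmon Event ID 13 (RegistryEvent, value set) records for writes to that key and raises the severity when the value or the writing process lives in a user-writable directory, which is what "Executes dropped EXE" looks like from the registry side. The JSON-lines records, value names, paths and process names are constructed and do not come from the analysed samples.

```python
"""Hunt Sysmon registry events for Policies\\Explorer\\Run persistence.

Added example, not part of the sandbox report.  The JSON-lines records below
are constructed to resemble Sysmon Event ID 13 (RegistryEvent, value set)
exports; none of the names or paths come from the analysed samples.
"""
import json
import re

# Policy Run key under HKLM or a user hive.  Sysmon records HKCU as
# HKU\<SID>, so the user form is matched on the S-1-5-21 SID prefix.
POLICY_RUN_RE = re.compile(
    r"^(HKLM|HKU\\S-1-5-21-[\d-]+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\Policies\\Explorer\\Run\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Directories a user can write without elevation; a Run entry pointing here
# is typical of a dropped payload rather than an installed product.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\|users\\[^\\]+\\downloads\\|"
    r"windows\\temp\\|programdata\\|users\\public\\)",
    re.IGNORECASE,
)

# Constructed sample export (one JSON object per line).
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventID": 13, "EventType": "SetValue",
     "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\lang.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\langsvc",
     "Details": "\"C:\\Users\\bob\\AppData\\Roaming\\langsvc\\langsvc.exe\" --hidden"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\VendorAgent",
     "Details": "C:\\Program Files\\Vendor\\agent.exe /silent"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "Details": "C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"},
    {"EventID": 12, "EventType": "CreateKey",
     "Image": "C:\\Windows\\regedit.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run",
     "Details": ""},
])


def executable_from_command(cmd: str) -> str:
    """Pull the program path out of a Run value's command line.

    Handles a "quoted path" followed by arguments, and an unquoted path that
    contains spaces, by taking the shortest prefix ending in .exe.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx >= 0 else cmd.split(" ", 1)[0]


def evaluate(event: dict):
    """Return (value_name, severity, reason) for a policy-Run write, else None."""
    if event.get("EventID") != 13 or event.get("EventType") != "SetValue":
        return None
    m = POLICY_RUN_RE.match(event.get("TargetObject", ""))
    if not m:
        return None  # ordinary Run key or unrelated value
    target = executable_from_command(event.get("Details", ""))
    writer = event.get("Image", "")
    if USER_WRITABLE_RE.match(target) or USER_WRITABLE_RE.match(writer):
        return (m.group("value"), "high",
                "policy Run value points at, or was written from, a user-writable path")
    return (m.group("value"), "medium",
            "policy Run value set (rare outside GPO-managed software)")


def hunt(jsonl: str) -> list:
    """Parse a JSON-lines export and return all policy-Run findings."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed export lines rather than abort the hunt
        result = evaluate(event)
        if result:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for value, severity, reason in hunt(SAMPLE_EVENTS):
        print(f"[{severity}] {value}: {reason}")
```

On the sample export the "langsvc" value written from a Temp directory to a Roaming path scores high, the MSI-installed "VendorAgent" under Program Files scores medium for review, and the ordinary Run-key write and the key-creation event are ignored. The geofence signature has no equivalent hunt here: Sysmon logs key creation and value writes, not reads, so a lookup of the configured country code is only visible in the sandbox's API trace, not in endpoint telemetry.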
Target: 票925452362131助手.exe.vir ("Ticket 925452362131 helper")
- Size: 804KB
- MD5: 5adea3ab683a21d39d75b6aab6f9cd10
- SHA1: ca614a981a394a88a42d43492b0a737527bff171
- SHA256: 8719467326ae08e270854cdef37e5ca93f33a7411002b5f61f9796659e91c8e4
- SHA512: 85825cd5d64018177b66fcaa3506687af49a958d401e2865875233b04b53694c4a973c458965a97db47ec6cbc545c1671135214cdbb8d4fdc705965be69d954b
- SSDEEP: 12288:9HjaxBmJ3owhLHLHXQbKODmKvg0HTLbCf7cKSyfIxF6YUx6tcJza1:lqBw31LbQbLmKBjCf7cZL6hx6GJG
- Score: 1/10

Target: 考勤异常信息统计结果查询工具.exe.vir ("Attendance anomaly statistics query tool")
- Size: 6.5MB
- MD5: 33b53d552861ded63f1c39eb195732fa
- SHA1: db3eb7f683fc782b1149b35927c03ec039d80ee1
- SHA256: 2da3ae187b621059a4e9c2be286d79d5b4e3371c3d2a1cdb2f76f7b895aff47e
- SHA512: d5016eaab5b64cd185345163556b4373366b6d048bd0d02e849c86fd2d478968c13db3f789c0c1789a20e141d8f17cc941f0a6b37b2676768b57804e101f9c5c
- SSDEEP: 98304:IGd53n+zkSfHlHLtSEqtoixB0N5RWgz2yI32w6DU:fbjKlrZSlB0QgzioU
- Score: 1/10