Overview - Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Url | 1 | https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware/. |
|
Details | Domain | 1 | fandesjinkderunha.com |
|
Details | File | 1 | qwsw.exe |
|
Details | File | 1 | 58f13-readme.txt |
|
Details | Domain | 1 | hertionkadesinpoion.com |
|
Details | sha256 | 1 | f69fb7049f7a75f75c3a6bba86741b8ccdd28dbf7fe65bc0c7700c3905447512 |
|
Details | sha256 | 1 | d950a94534129202aa308f22d6c3d33f71af884d5556671a2b7f6ba8994cc995 |
|
Details | Domain | 1 | kykbonsa.com |
|
Details | sha256 | 1 | 1f327163478eff3a64a7af170098c10a482df67fd9454b5f64078be516b200f1 |
|
Details | Domain | 1 | madesunjinkdieonrunhasde.com |
|
Details | Domain | 1 | pazmogutionsa.com |
|
Details | sha256 | 1 | c414bbb789af8e3fb93b33344b31f1991582ec0f06558b29a3178d2b02465c72 |
|
Details | Windows Registry Key | 1 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\56f13af3 |
|
Details | Windows Registry Key | 1 | HKCU\software\56f13af3\56f13af3 |
|
Details | Windows Registry Key | 1 | HKCU\software\classes\virtualstore\machine\software |
|
Details | Domain | 1 | sadefunkionyunhderuns.com |
|
Details | Url | 3 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a. |
|
Details | File | 1 | wsmanclient.dll |
|
Details | File | 1 | The import table contains the ace.dll listed above |
|
Details | File | 1 | In its export function it reads vmguestlibjava.db |
|
Details | File | 1 | cars.png |
|
Details | File | 1 | search.gif |
|
Details | File | 1 | For the other one, the export table shows that the DLL is named http.dll |
|
Details | File | 1 | technique of abusing a legitimate file to load the malicious mcvsocfg.dll |
|
Details | File | 1 | During lateral movement, the group uses msbuild.exe on target machines in the internal network |