Overview - Attributes

| Type | #Events | Value |
|---|---|---|
| Url | 1 | https://decoded.avast.io/threatresearch/decrypted-bianlian-ransomware/ |
| Domain | 1 | fandesjinkderunha.com |
| File | 1 | qwsw.exe |
| File | 1 | 58f13-readme.txt |
| Domain | 1 | hertionkadesinpoion.com |
| sha256 | 1 | f69fb7049f7a75f75c3a6bba86741b8ccdd28dbf7fe65bc0c7700c3905447512 |
| sha256 | 1 | d950a94534129202aa308f22d6c3d33f71af884d5556671a2b7f6ba8994cc995 |
| Domain | 1 | kykbonsa.com |
| sha256 | 1 | 1f327163478eff3a64a7af170098c10a482df67fd9454b5f64078be516b200f1 |
| Domain | 1 | madesunjinkdieonrunhasde.com |
| Domain | 1 | pazmogutionsa.com |
| sha256 | 1 | c414bbb789af8e3fb93b33344b31f1991582ec0f06558b29a3178d2b02465c72 |
| Windows Registry Key | 1 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\56f13af3 |
| Windows Registry Key | 1 | HKCU\software\56f13af3\56f13af3 |
| Windows Registry Key | 1 | HKCU\software\classes\virtualstore\machine\software |
| Domain | 1 | sadefunkionyunhderuns.com |
| Url | 3 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a |
| File | 1 | wsmanclient.dll |
| File | 1 | The import table contains the ace.dll listed above |
| File | 1 | Its exported function reads vmguestlibjava.db |
| File | 1 | cars.png |
| File | 1 | search.gif |
| File | 1 | The other one, found by inspecting the export table, is a DLL named http.dll |
| File | 1 | ...the legitimate-file (whitelist) abuse technique loads the malicious mcvsocfg.dll |
| File | 1 | During lateral movement, the group uses msbuild.exe on target machines in the internal network |