[RE023] Quick analysis and removal tool of a series of new malware variant of Panda group that has recently targeted to Vietnam VGCA
Common Information
Type Value
UUID 2066bc5c-1b32-46cf-a3a3-5b198ef98b43
Fingerprint 1c32bb5b27e7340b
Analysis status DONE
Considered CTI value 2
Text language
Published July 3, 2021, 1:52 p.m.
Added to db Nov. 6, 2023, 8:10 p.m.
Last updated Nov. 16, 2024, 12:12 p.m.
Headline UNKNOWN
Title [RE023] Quick analysis and removal tool of a series of new malware variant of Panda group that has recently targeted to Vietnam VGCA
Detected Hints/Tags/Attributes 60/2/55
Attributes
Type     #Events  Value
Domain   21       cr.yp.to
Domain   268      www.virustotal.com
Domain   2        www.newshcm.com
Domain   2        www.sexphm.com
Domain   2        xxx.codepage-core.xxx
Domain   2        nls.bt
Domain   2        malware.report
Domain   3        vincss.net
Email    2        malware.report@vincss.net
File     5        smanager_ssl.dll
File     2        msiscsi.dll
File     2        verifierpr.dll
File     6        wercplsupport.dll
File     2        dllsvchdtchx64.bin
File     2        errorsvc.dll
File     2        stuffe.dll
File     2        tmp01.dat
File     5        winsec.dll
File     2        access.sys
File     2        dllhijkdtchx64.bin
File     13       wmiapsrv.exe
File     2        axlnst.bin
File     2        koreanflass.bin
File     2        vsmapi.dll
File     2        vfwwdm.dll
File     2        pubiapi.dll
File     2        c_xxxx.dll
File     2        checkcp.exe
File     2        nlsscan.exe
File     11       sfc.exe
sha256   2        2b15479eb7ec43f7a554dce40fe6a4263a889ba58673b7490a991e7d66703bc8
sha256   2        08f2e828fe16c22515f0b8b7a5ccf9489ceeb58802ded94da4a3e13acd011e32
sha256   2        4578b3bf586658c47c8db1d497a8994d7637d28f16a11af9f6af64836085d4ed
sha256   2        8061df4d29ea57a420491f0db4bf37964070cc695f4b1b45af40e46194cc8c36
sha256   2        4b1928dbaf68e427db2f3971ea2ff5604d210ef0dee876d57281d7e395da8c37
sha256   2        d2beff6d7f5be68cdda36182d010e8103d86053fcc63f1166fec42727c26558d
sha256   2        d28984576620aebfa929767ad9453fe7549c969716d41ba49cbe6ca7fae72789
sha256   2        3714568d8c8b7359259e968664de3a6c13d6d7c16559dfb0a25f9aa8194e8de4
sha256   2        b69d9ed06cba8eea081df01bad146abb004a4cf5fb6b296017d82ebb18975386
sha256   2        5afc41060cf62d1613219caa108eb9714074479a413f4a26797c0358fc95a4db
sha256   2        8dd13f34d1734d3c844474ce98a4f39244e511bafbefd59b18bb7fb0b52ce895
sha256   2        9abf047566c6e9bd77120e8eb6c3503eef7c05dd4fd0abac9046d495291e5c8d
sha256   2        60fe689bafb1ce4def3fab1c91e69e46b223869314e4364fa8efb12e6a0bafba
sha256   2        68e871190f405131635ccaa851339c9ca3f61c3b6a9d84dbd7afc99b65edd588
sha256   2        918ad6c918b26de1e112281393f6ced9141712484bb0da5f8250fb36fc0d476b
sha256   2        c092546e9db9424d454cc21047d847ad93424440e7a4d339fe58fa9a4d8f6913
IPv4     2        172.16.22.22
Pdb      3        1.pdb
Pdb      2        c:\users\machine\desktop\work\20200913\auto_firefox\x64\release\8.pdb
Pdb      2        c:\dev\16\3\x64\release\f71.pdb
Pdb      2        c:\dev\17d\release\7.pdb
Pdb      2        c:\users\vs\desktop\auto_firefox\x64\release\8.pdb
Url      2        http://cr.yp.to/snuffle/ecrypt.c
Url      2        https://www.virustotal.com/gui/search/content%3a%22u0fbsp2ddytlhiq9mxseexmh7jbin3k%22/files
Url      2        https://www.hybrid-analysis.com/string-search/results/08f2e828fe16c22515f0b8b7a5ccf9489ceeb58802ded94da4a3e13acd011e32
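The attribute table is a list of host-based indicators (file hashes, file names, PDB paths) plus a few reference links. The script below is an added example of how to sweep a directory tree against exactly those indicators; it is not the page's content and not the removal tool the RE023 post describes. The function names (`scan_bytes`, `scan_file`, `scan_tree`) and the demo tree are assumptions of this example. Three choices are worth stating: the bare `1.pdb` and the masked name `c_xxxx.dll` are left out as too generic to match on; the domain, IP and URL rows are not used because this is a file sweep and several of them are the post's own references (cr.yp.to/snuffle/ecrypt.c is the public Salsa20 reference source, the VirusTotal and hybrid-analysis links are search results, vincss.net is the publisher) while 172.16.22.22 is an RFC 1918 private address; and a hit on a file name alone is recorded as a weak indicator, because sfc.exe, wmiapsrv.exe, wercplsupport.dll and others in the list are also names of legitimate Windows binaries, so only a sha256 or PDB-path match should be treated as confirmation.

```python
"""Sweep a directory tree against the RE023 attribute table above.

Added example; not code from the page or from VinCSS's removal tool.
Hash and PDB-path hits are strong; filename hits are weak (many of the
listed names also belong to legitimate Windows binaries)."""
import hashlib
import os
import tempfile
from pathlib import Path

# sha256 values copied from the attribute table.
SHA256_IOCS = {
    "2b15479eb7ec43f7a554dce40fe6a4263a889ba58673b7490a991e7d66703bc8",
    "08f2e828fe16c22515f0b8b7a5ccf9489ceeb58802ded94da4a3e13acd011e32",
    "4578b3bf586658c47c8db1d497a8994d7637d28f16a11af9f6af64836085d4ed",
    "8061df4d29ea57a420491f0db4bf37964070cc695f4b1b45af40e46194cc8c36",
    "4b1928dbaf68e427db2f3971ea2ff5604d210ef0dee876d57281d7e395da8c37",
    "d2beff6d7f5be68cdda36182d010e8103d86053fcc63f1166fec42727c26558d",
    "d28984576620aebfa929767ad9453fe7549c969716d41ba49cbe6ca7fae72789",
    "3714568d8c8b7359259e968664de3a6c13d6d7c16559dfb0a25f9aa8194e8de4",
    "b69d9ed06cba8eea081df01bad146abb004a4cf5fb6b296017d82ebb18975386",
    "5afc41060cf62d1613219caa108eb9714074479a413f4a26797c0358fc95a4db",
    "8dd13f34d1734d3c844474ce98a4f39244e511bafbefd59b18bb7fb0b52ce895",
    "9abf047566c6e9bd77120e8eb6c3503eef7c05dd4fd0abac9046d495291e5c8d",
    "60fe689bafb1ce4def3fab1c91e69e46b223869314e4364fa8efb12e6a0bafba",
    "68e871190f405131635ccaa851339c9ca3f61c3b6a9d84dbd7afc99b65edd588",
    "918ad6c918b26de1e112281393f6ced9141712484bb0da5f8250fb36fc0d476b",
    "c092546e9db9424d454cc21047d847ad93424440e7a4d339fe58fa9a4d8f6913",
}

# File names from the table, compared case-insensitively. The masked name
# c_xxxx.dll is omitted because it is a pattern, not a literal name.
FILENAME_IOCS = {
    "smanager_ssl.dll", "msiscsi.dll", "verifierpr.dll", "wercplsupport.dll",
    "dllsvchdtchx64.bin", "errorsvc.dll", "stuffe.dll", "tmp01.dat",
    "winsec.dll", "access.sys", "dllhijkdtchx64.bin", "wmiapsrv.exe",
    "axlnst.bin", "koreanflass.bin", "vsmapi.dll", "vfwwdm.dll", "pubiapi.dll",
    "checkcp.exe", "nlsscan.exe", "sfc.exe",
}

# Full PDB paths from the table; the bare "1.pdb" is too generic to use.
# Kept lowercase and matched against lowercased file bytes, since the page
# shows them lowercased and the embedded string may differ in case.
PDB_IOCS = [
    b"c:\\users\\machine\\desktop\\work\\20200913\\auto_firefox\\x64\\release\\8.pdb",
    b"c:\\dev\\16\\3\\x64\\release\\f71.pdb",
    b"c:\\dev\\17d\\release\\7.pdb",
    b"c:\\users\\vs\\desktop\\auto_firefox\\x64\\release\\8.pdb",
]


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_bytes(name, data, sha256_iocs=SHA256_IOCS,
               filename_iocs=FILENAME_IOCS, pdb_iocs=PDB_IOCS):
    """Return a list of (indicator_kind, value) hits for one file's content."""
    hits = []
    digest = sha256_of(data)
    if digest in sha256_iocs:
        hits.append(("sha256", digest))
    if name.lower() in filename_iocs:          # weak indicator on its own
        hits.append(("filename", name.lower()))
    lowered = data.lower()
    for pdb in pdb_iocs:
        if pdb in lowered:
            hits.append(("pdb", pdb.decode("ascii")))
    return hits


def scan_file(path, **iocs):
    path = Path(path)
    return scan_bytes(path.name, path.read_bytes(), **iocs)


def scan_tree(root, **iocs):
    """Walk root and return {absolute_path: hits} for files with any hit."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                hits = scan_file(full, **iocs)
            except OSError:
                continue  # locked or unreadable file: skip, don't abort the sweep
            if hits:
                findings[full] = hits
    return findings


def build_demo_tree(root):
    """Constructed sample tree (not real malware): one file that carries a
    listed file name and one of the listed PDB paths in mixed case, and one
    clean file."""
    root = Path(root)
    (root / "sub").mkdir(parents=True, exist_ok=True)
    (root / "sub" / "wercplsupport.dll").write_bytes(
        b"MZ\x90\x00" + b"C:\\Dev\\17d\\Release\\7.pdb\x00")
    (root / "readme.txt").write_bytes(b"nothing to see here\n")


def run_demo():
    """Scan the constructed tree; returns {posix_relative_path: hits}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return {Path(p).relative_to(tmp).as_posix(): h
                for p, h in scan_tree(tmp).items()}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for path, hits in (scan_tree(target) if target else run_demo()).items():
        print(path)
        for kind, value in hits:
            print(f"  {kind}: {value}")
```

Run it with a directory argument to sweep a real host; with no argument it scans the constructed demo tree. Treat a `filename`-only hit as a prompt to check the file's location, signature and hash, not as a detection in itself.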