HiddenGh0st Malware Attacking MS-SQL Servers - ASEC BLOG
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 867c747f-1284-4d24-8188-296ddbd92602 |
| Fingerprint | 95149a53e1f7c085 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 21, 2023, 4:33 p.m. |
| Added to db | Oct. 24, 2023, 1:12 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | HiddenGh0st Malware Attacking MS-SQL Servers |
| Title | HiddenGh0st Malware Attacking MS-SQL Servers - ASEC BLOG |
| Detected Hints/Tags/Attributes | 74/3/58 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/57185/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | leifenghackyuankong.e3.luyouxia.net |
|
| Details | Domain | 4 | www.taobao.com |
|
| Details | File | 1 | qq进程保护程序.exe |
|
| Details | File | 2 | getip.php |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 33 | 360tray.exe |
|
| Details | File | 21 | 360sd.exe |
|
| Details | File | 14 | kxetray.exe |
|
| Details | File | 7 | ksafetray.exe |
|
| Details | File | 12 | qqpcrtp.exe |
|
| Details | File | 5 | hipstray.exe |
|
| Details | File | 4 | baidusd.exe |
|
| Details | File | 4 | baidusafetray.exe |
|
| Details | File | 6 | kvmonxp.exe |
|
| Details | File | 14 | ravmond.exe |
|
| Details | File | 8 | quhlpsvc.exe |
|
| Details | File | 6 | mssecess.exe |
|
| Details | File | 15 | cfp.exe |
|
| Details | File | 5 | spider.exe |
|
| Details | File | 11 | acs.exe |
|
| Details | File | 8 | v3svc.exe |
|
| Details | File | 10 | avgwdsvc.exe |
|
| Details | File | 6 | f-secure.exe |
|
| Details | File | 119 | avp.exe |
|
| Details | File | 45 | mcshield.exe |
|
| Details | File | 4 | knsdtray.exe |
|
| Details | File | 11 | tmbmsrv.exe |
|
| Details | File | 10 | avcenter.exe |
|
| Details | File | 13 | ashdisp.exe |
|
| Details | File | 28 | rtvscan.exe |
|
| Details | File | 5 | remupd.exe |
|
| Details | File | 22 | vsserv.exe |
|
| Details | File | 4 | psafesystray.exe |
|
| Details | File | 3 | ad-watch.exe |
|
| Details | File | 8 | k7tsecurity.exe |
|
| Details | File | 6 | unthreat.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 4 | plugin.dll |
|
| Details | File | 1 | getmp.exe |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1 | hiddencli.exe |
|
| Details | File | 2 | passthrough.sys |
|
| Details | File | 1 | %systemdirectory%\drivers\qassist.sys |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 31 | lsm.exe |
|
| Details | File | 16 | audiodg.exe |
|
| Details | File | 31 | generic.c4 |
|
| Details | File | 1 | qassist.sys |
|
| Details | md5 | 1 | 5750b8de793d50a8f9eaa777adbf58d4 |
|
| Details | md5 | 1 | 69cafef1e25734dea3ade462fead3cc9 |
|
| Details | md5 | 1 | 0d92b5f7a0f338472d59c5f2208475a3 |
|
| Details | md5 | 1 | 4e34c068e764ad0ff0cb58bc4f143197 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | Url | 1 | http://www.taobao.com/help/getip.php |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\Select |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\BITS |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\Setup |