Panda’s New Arsenal: Part 3 Smanager (via Passle)
Tags
| country: | Japan Russia |
| attack-pattern: | Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | b588f4f2-14c4-4936-857d-02282e1abf12 |
| Fingerprint | 49518069a200c76b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 11, 2020, midnight |
| Added to db | Sept. 11, 2022, 12:32 p.m. |
| Last updated | Oct. 16, 2024, 2:20 a.m. |
| Headline | Panda’s New Arsenal: Part 3 Smanager |
| Title | Panda’s New Arsenal: Part 3 Smanager (via Passle) |
| Detected Hints/Tags/Attributes | 24/2/46 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | 7z.cab |
|
| Details | Domain | 1 | vgca.homeunix.org |
|
| Details | Domain | 1 | office365.blogdns.com |
|
| Details | Domain | 1 | coms.documentmeda.com |
|
| Details | Domain | 1 | freenow.chickenkiller.com |
|
| Details | Domain | 2 | www.eofficeupdating.com |
|
| Details | File | 5 | vvsup.exe |
|
| Details | File | 1 | とsaceventlog.exe |
|
| Details | File | 1 | %userprofile%\test\7z.cab |
|
| Details | File | 1 | 7z.cab |
|
| Details | File | 1 | c:\windows\apppatch\netapi32.dll |
|
| Details | File | 5 | smanager_ssl.dll |
|
| Details | File | 1 | winexecでrundll32.exe |
|
| Details | File | 1 | saceventlog.exe |
|
| Details | File | 1 | はvvsup.exe |
|
| Details | File | 1 | 及びsaceventlog.exe |
|
| Details | File | 1 | smanagerx64_release_tcp.dll |
|
| Details | File | 1 | 私達はvvsup.exe |
|
| Details | File | 1 | この検体はsmanager_ssl.dll |
|
| Details | File | 1 | enteryやservicemainというexport関数が実装されているという特徴もsmanager_ssl.dll |
|
| Details | File | 1 | coms.doc |
|
| Details | File | 1 | complaint.docx |
|
| Details | File | 1 | 最終的にwinhepp.exe |
|
| Details | File | 1 | winhepp.exe |
|
| Details | File | 1 | だと思われるhelper.exe |
|
| Details | File | 31 | helper.exe |
|
| Details | File | 1 | bbsratがrundll32.exe |
|
| Details | sha256 | 3 | f659b269fbe4128588f7a2fa4d6022cc74e508d28eee05c5aff26cc23b7bd1a5 |
|
| Details | sha256 | 1 | 1d9bc6939e2eceb3e912f158e05e04cadc1965849c4eb2c96e37e51a7d4f7aa5 |
|
| Details | sha256 | 3 | 97a5fe1d2174e9d34cee8c1d6751bf01f99d8f40b1ae0bce205b8f2f0483225c |
|
| Details | sha256 | 1 | 02f1244310dd527d407ebcef07c5431306c56c1b28272b8d4e59902b3df537c8 |
|
| Details | sha256 | 1 | c129d892a5e2d17c38950fdf77a0838edc1fa297a4787414e90906f7cb8f43b8 |
|
| Details | sha256 | 1 | 1fff4faa83678564aefb30363f0cbe2917d2a037d3d8e829a496e8fd1eca24c9 |
|
| Details | sha256 | 1 | 58012504861dee4663ecaa4f2b93ca245521103f4c653b2dd0032a583db8f0af |
|
| Details | sha256 | 1 | 17bc9b7c7df4acd42e795591731e568cb040d6908d892f853af777d5f05c8806 |
|
| Details | sha256 | 1 | 338502691f6861ae54e651a25a08e62eeca9febc6830978a670d44caf3d5d056 |
|
| Details | sha256 | 1 | d5f96b3b677ac68e45d4297e392b14a52678c2758a4030d2f6ad158027508c6d |
|
| Details | sha256 | 1 | 00badf016953ec740b61f4ba27c5886a6460f6abba98819e00bde51574e0ebf4 |
|
| Details | sha256 | 1 | e8156ec1706716cada6f57b6b8ccc9fb0eb5debe906ac45bdc2b26099695b8f5 |
|
| Details | sha256 | 1 | feaba29072531b312e3bd0152b9c17c48901db7c8d31019944e453ca9b1572e2 |
|
| Details | IPv4 | 4 | 192.168.0.107 |
|
| Details | IPv4 | 1 | 10.0.14.196 |
|
| Details | IPv4 | 1 | 154.202.56.188 |
|
| Details | IPv4 | 1 | 154.210.12.20 |
|
| Details | IPv4 | 1 | 45.77.45.228 |
|
| Details | Windows Registry Key | 4 | HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows |