‘Silver Fox’ Runs Rampant: QiAnXin Threat Intelligence Sandbox Helps Identify It
Tags
attack-pattern: Software - T1592.002
Common Information
Type Value
UUID f92c1d95-dab6-4965-94ea-b87b52d4cb45
Fingerprint 4fdffb7dcd9076d1
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 16, 2024, midnight
Added to db Dec. 17, 2024, 11:38 a.m.
Last updated Dec. 23, 2024, 12:17 p.m.
Headline ‘Silver Fox’ Runs Rampant: QiAnXin Threat Intelligence Sandbox Helps Identify It
Title ‘Silver Fox’ Runs Rampant: QiAnXin Threat Intelligence Sandbox Helps Identify It
Detected Hints/Tags/Attributes 8/1/134
Attributes
Details Type #Events CTI Value
Details File 19
setup.zip
Details File 2
The host-behaviour process information shows chormegpt_install.exe inside the archive
Details File 1
c:\users\admin\appdata\roaming\gdfinstall.exe
Details File 2
Clicking chormegpt_install.exe
Details File 2
writes gdfinstall.exe into the %appdata% directory
Details File 3
and gameuxinstallhelper.dll
Details File 2
gdfinstall.exe downloaded and dropped from 34
Details File 2
Clicking gdfinstall.exe
Details File 2
shows that the downloaded gameuxinstallhelper.dll is loaded
Details File 5
gameuxinstallhelper.dll
Details File 2
34 downloads gdfinstall.exe
Details File 103
download.php
Details File 2
The archive contains only chormegpt_install.exe
Details File 3
gameuxinstallhelper.dll used for “white plus black” DLL sideloading
Details File 2
together with chormegpt_install.exe
Details File 2
The executed export function vfpower first calls cmd.exe
Details File 2
drops updated.ps1
Details File 2
and policymanagement.xml
Details File 5
via cmd.exe
Details File 2
executes updated.ps1
Details File 2
and, after the addition succeeds, updated.ps1
Details File 2
first injects into svchost.exe
Details File 3
and uses schtasks.exe
Details File 4
gdfinstall.exe
Details File 2
36oliulanq-setups-guangwang.zip
Details File 2
30.zip
Details File 2
x64-kuake.msi
Details File 2
sunloginsupe.zip
Details File 3
32.zip
Details File 21
3.zip
Details Github username 8
monoxgas
Details Github username 3
killeven
Details Github username 4
idov31
Details Github username 2
blacksnufkin
Details Url 2
https://github.com/monoxgas/srdi/tree/master
Details Url 2
https://github.com/killeven/dlltoshellcode
Details Url 3
https://github.com/idov31/nidhogg
Details Url 2
https://github.com/blacksnufkin/byovd
Details Windows Registry Key 6
HKEY_CURRENT_USER\Console\0
Details Windows Registry Key 2
HKEY_LOCAL_MACHINE\SOFTWARE\IpDates_info