TT Malware Log

A "personal" research and reference log on malware / cyber attacks / analysis techniques

Custom dropper hide and seek

【Overview】

■SWEED campaigns

Period         Content
2017           Steganography
January 2018   Java dropper
April 2018     Office exploit (CVE-2017-8759)
May 2018       Office exploit (CVE-2017-11882)
2019           Office macros and an AutoIT dropper


【Blog】

◆Custom dropper hide and seek (Talos (Cisco), 2019/12/11)
https://gblogs.cisco.com/jp/2019/12/talos-custom-dropper-hide-and-seek/


【Related summary articles】

Overall summaries
 ◆Attack groups / Actors (summary)
  ◆Cybercrime groups (summary)

◆SWEED (summary)
https://malware-log.hatenablog.com/entry/SWEED


【Indicator information】

■Hash information (SHA256) - executables -


(The above is Talos (Cisco) information; source: https://gblogs.cisco.com/jp/2019/12/talos-custom-dropper-hide-and-seek/ )


■Hash information (SHA256) - ARJ files -


(The above is Talos (Cisco) information; source: https://gblogs.cisco.com/jp/2019/12/talos-custom-dropper-hide-and-seek/ )


■Hash information (SHA256) - related files -
(The above is Talos (Cisco) information; source: https://gblogs.cisco.com/jp/2019/12/talos-custom-dropper-hide-and-seek/ )


【Search】



【VT search】



Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020