Overview

overview

8

Static

static

ZWSTt.exe

windows7_x64

8

ZWSTt.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ZWSTt.exe

  • Size

    1.1MB

  • Sample

    200707-w1c6r1xs7x

  • MD5

    20e64b93aca0efbe72c29ecb1bf0b83f

  • SHA1

    6d30fd63bfe8df6f57e7de64084bc4dc76be4126

  • SHA256

    1630f3fabf80e99d1990176b5736835496bdbd74610d1e43eefd7088e2529a6e

  • SHA512

    046ace67eee709a9e260ee55d2509e99dca2aac41effc660df0cf3c93a38e09f47aad71f22a3acc2a2defcc06acbc5c266441b263e0c1507803ec0ef08069c5b

Score
8/10
discoverypersistencespyware

Malware Config

Targets

    • Target

      ZWSTt.exe

    • Size

      1.1MB

    • MD5

      20e64b93aca0efbe72c29ecb1bf0b83f

    • SHA1

      6d30fd63bfe8df6f57e7de64084bc4dc76be4126

    • SHA256

      1630f3fabf80e99d1990176b5736835496bdbd74610d1e43eefd7088e2529a6e

    • SHA512

      046ace67eee709a9e260ee55d2509e99dca2aac41effc660df0cf3c93a38e09f47aad71f22a3acc2a2defcc06acbc5c266441b263e0c1507803ec0ef08069c5b

    Score
    8/10
    persistencespywarediscovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks for installed software on the system

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks