Overview

overview

8

Static

static

wwlib.dll

windows7_x64

8

wwlib.dll

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wwlib.dll

  • Size

    52KB

  • Sample

    200712-14dgnqc6fj

  • MD5

    c6206b8eacabc1dc3578cec2b91c949a

  • SHA1

    93e8445862950ef682c2d22a9de929b72547643a

  • SHA256

    4cef5835072bb0290a05f9c5281d4a614733f480ba7f1904ae91325a10a15a04

  • SHA512

    ffdda3a16b877e07e86271e58326e5b6fd4655e3d96b77c123efbfb0523f81435713e2aad425559de9f151ae4069d9a8b1f5ced6ea730cd8219e85dccda11669

Score
8/10
persistence

Malware Config

Targets

    • Target

      wwlib.dll

    • Size

      52KB

    • MD5

      c6206b8eacabc1dc3578cec2b91c949a

    • SHA1

      93e8445862950ef682c2d22a9de929b72547643a

    • SHA256

      4cef5835072bb0290a05f9c5281d4a614733f480ba7f1904ae91325a10a15a04

    • SHA512

      ffdda3a16b877e07e86271e58326e5b6fd4655e3d96b77c123efbfb0523f81435713e2aad425559de9f151ae4069d9a8b1f5ced6ea730cd8219e85dccda11669

    Score
    8/10
    persistence

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run entry to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks