General

  • Target

    KWFLPC.exe

  • Size

    423KB

  • Sample

    220522-dq7r9sacdk

  • MD5

    1cd8a018b6af07d08c22bd6429014b0e

  • SHA1

    1939f5b1f15389106b84cdfe51bf9f3ba6b3c473

  • SHA256

    6410f220fdbd34dae565f5fba45e85107741c13d19a91b3126e735fbe0425606

  • SHA512

    b61df7dd7c5ff11345c6a3d4aacc00578c983769481872d08a08459765953688b0d67a9ce7bc1dcdfeadc64e274581a8129689098e35f26ab32bbf208d76bdb5

Malware Config

Targets

    • Target

      KWFLPC.exe

    • Size

      423KB

    • MD5

      1cd8a018b6af07d08c22bd6429014b0e

    • SHA1

      1939f5b1f15389106b84cdfe51bf9f3ba6b3c473

    • SHA256

      6410f220fdbd34dae565f5fba45e85107741c13d19a91b3126e735fbe0425606

    • SHA512

      b61df7dd7c5ff11345c6a3d4aacc00578c983769481872d08a08459765953688b0d67a9ce7bc1dcdfeadc64e274581a8129689098e35f26ab32bbf208d76bdb5

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Target

      out.upx

    • Size

      649KB

    • MD5

      4784f46349580337e4e10e28f4be2328

    • SHA1

      6f532b038ad3755f48142a4bea5a06d5b7aa0151

    • SHA256

      729e122992558c9de7b8ca2509ee7531151319c14ec0dd1e0fed11e0784d4a29

    • SHA512

      d564ce7cf97ec342050284333ebbb2940216588f83c494051c2c4709604d9a8fba83f741708336d40938a2ca5a6a0231463788f06cfa56decebed8be7c7675c9

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Privilege Escalation  Bypass User Account Control   1      T1088
  Defense Evasion       Bypass User Account Control   1      T1088
  Defense Evasion       Disabling Security Tools      1      T1089
  Defense Evasion       Modify Registry               3      T1112
  Credential Access     Credentials in Files          1      T1081
  Discovery             Query Registry                2      T1012
  Discovery             System Information Discovery  3      T1082
  Discovery             Peripheral Device Discovery   1      T1120
  Collection            Data from Local System        1      T1005
  Impact                Defacement                    1      T1491

Tasks