6b7e88f90ff2d3c13edcf5b66ab5866a22642d15fb6f13e4a6bee256dd356078 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Wondershare_Filmora.rar
Size

153.7MB
Sample

221125-r8zq9seg68
MD5

129270779a1c640e9614c2122e116053
SHA1

6b6779f7822aed5c29fcfeb94110d295dbb205a4
SHA256

6b7e88f90ff2d3c13edcf5b66ab5866a22642d15fb6f13e4a6bee256dd356078
SHA512

0361bf8a1f8ba075ab242083cd16f902f198ff3f14e8c056d38dd63e6968245da07a65b2e4d757350c3a8ad1037500dd3dbff1343b9721884930e34ec43749e3
SSDEEP

1572864:hWlihnEBgJbymxWKE/OYPV/zM28PUJFzLA98gAEz9figzDcR5CNfIT2Q:dBEapamYxMkLApz9r+8q2Q

Score

8^/10

Malware Config

Targets

- Target
  
  Filmora.exe
- Size
  
  364KB
- MD5
  
  93fde4e38a84c83af842f73b176ab8dc
- SHA1
  
  e8c55cc160a0a94e404f544b22e38511b9d71da8
- SHA256
  
  fb07af2aead3bdf360f555fc872191e43c2f0acbfc9258435f9a30afe272ba03
- SHA512
  
  48720aebe2158b8a58fc3431c2e6f68271fbade51303ad9cb5b0493efaec6053ff0c19a898841ef7c57a3c4d042ac8e7157fb3dc79593c1dfcdcf88e1469fdec
- SSDEEP
  
  6144:MpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrqH1JWP6f:Mp8KLBzQ7Lcf3SiQs2FTTql9unNrkvT2
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2