General
Target: wps_office_inst.bin.zip
Size: 2.8MB
Sample: 221228-lflfaaaa96
Static task: static1
Behavioral task: behavioral1
Sample: wps_office_inst.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: wps_office_inst.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: wps_office_inst.bin
Size: 5.2MB
Score: 10/10

Modifies system executable filetype association

Executes dropped EXE

Registers COM server for autorun

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.