21249bb0ad8b3391ebc28b1817037326c18f5b3d566e8a59de8f0d2d6202a6b7 | Triage

Sharing

General

Target

Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022) by Keff.rar
Size

219.1MB
Sample

230128-psv22agc4w
MD5

fc45942e0b9d0cfd175397c35f273015
SHA1

b2b85ea3a2829414acb75f7b3cb4b303dd9247dd
SHA256

21249bb0ad8b3391ebc28b1817037326c18f5b3d566e8a59de8f0d2d6202a6b7
SHA512

cde62dccfd2d893522286c490f5324e23acafcf438350de248010c91a0058b392f22e5dee37cdd1f5fb3ada242c02f5da40ae7a353dabde39d4c1c95bfc5feb4
SSDEEP

6291456:lXDORmOgaMLERcA3J1uK4I16pA+xK5pWM7EfaDRYBcv:NDAmOgDDA3J1uKXx+xyWQoaDFv

Score

8^/10

discovery exploit

Malware Config

Targets

- Target
  
  Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022) by Keff.rar
- Size
  
  219.1MB
- MD5
  
  fc45942e0b9d0cfd175397c35f273015
- SHA1
  
  b2b85ea3a2829414acb75f7b3cb4b303dd9247dd
- SHA256
  
  21249bb0ad8b3391ebc28b1817037326c18f5b3d566e8a59de8f0d2d6202a6b7
- SHA512
  
  cde62dccfd2d893522286c490f5324e23acafcf438350de248010c91a0058b392f22e5dee37cdd1f5fb3ada242c02f5da40ae7a353dabde39d4c1c95bfc5feb4
- SSDEEP
  
  6291456:lXDORmOgaMLERcA3J1uK4I16pA+xK5pWM7EfaDRYBcv:NDAmOgDDA3J1uKXx+xyWQoaDFv
Score

3^/10
behavioral1 behavioral2
- Target
  
  Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff/Wondershare UniConverter 14.1.6.107 (x64) Multilingual/Readme.txt
- Size
  
  485B
- MD5
  
  8e188af9d329fc2c933a3216990a5610
- SHA1
  
  c18c9b864ed1c28ade11820b4cc75e5fc7a0219b
- SHA256
  
  b43538fe7a602e13c82af920d953292dc2b034db5e1a655f3db924b3ff582cb4
- SHA512
  
  1c77d5c9b4d55d37b4a43c5c72b44235360248b3904681910bc248d6744cd1999dae15cea0e4650150cf951e4e449e5de4e531c005bcb9df9fac3a64f4d3ca1c
Score

1^/10
behavioral3 behavioral4
- Target
  
  Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff/Wondershare UniConverter 14.1.6.107 (x64) Multilingual/WUCv13.xPv1.2.zip
- Size
  
  806KB
- MD5
  
  c8de48bda93617d31101b417aac06fc5
- SHA1
  
  e86bb70f4aeb168a2790d8d7ca8db8d514bcbf37
- SHA256
  
  61baa9778af44f564ad7867bcf21b7cdefbde99d6c51845007b26b6884834f59
- SHA512
  
  1ea43984ccc0b1b568a364fe1dd9f398973356284aa68e5ea11ca59690b2cf08750e00a47ff835e271167fd70768c761477e756ea4789b0a0f5988eac0c8ff2a
- SSDEEP
  
  24576:Ir6leZsYpObwyeLXChhWoKOn7TipMe3ifZ5:5eZsYpOboChhWkn7Ti6e05
Score

1^/10
behavioral5 behavioral6
- Target
  
  WUC v13.x Patcher v1.2.zip
- Size
  
  806KB
- MD5
  
  9fedd2943832a9a91d20b2e3c32dbac1
- SHA1
  
  ebc0aef7b72813ef648286c471858a4bd1eedd08
- SHA256
  
  803b53b72eea6fd63e3ce6e8b607334d75c4fcfed79d4d0c8ab45b76e683c6d3
- SHA512
  
  588b6f30539843f0d7d1e8c3173a62bd8e8654191a8317cee2c766e2bc9aab5e7475e4fcd23ea444ba4b2a81b21829fdf4dc76473d7ba727f4e5379a176d773d
- SSDEEP
  
  24576:Pr6leZsYpObwyeLXChhWoKOn7TipMe3ifZ4:oeZsYpOboChhWkn7Ti6e04
Score

1^/10
behavioral7 behavioral8
- Target
  
  ReadMe.txt
- Size
  
  238B
- MD5
  
  508b9daf85bd9739defc002db3932362
- SHA1
  
  94534c44e406397c132c145e5cbaa23fdbb575b8
- SHA256
  
  7ecd35b2388c8d8cb006427b0661ae5241ce4cdef4890f2a6be9896b173d407d
- SHA512
  
  7ed8bcaa754f4455eb79c690b1030657751139ab34743a27057966c9c0858a574180e485927192fb88399f25a2ba715b6716cc8041dfa6e72b10cbac314951a6
Score

1^/10
behavioral10 behavioral9
- Target
  
  WUC v13.x Patcher v1.2.exe
- Size
  
  845KB
- MD5
  
  d3be90a4767979957773651264cf12df
- SHA1
  
  539fd8157ad7a95e562bc8823ddfc1c473338efa
- SHA256
  
  0e401965392998d1866075114ce5becd70c43b1cb110ec38b5e3fe4f90de5d2b
- SHA512
  
  cc3f15b3cd10dde61088daee1947ea9f6d2534015dd428bb4d3c04e77729ee75b06ab5892c2b25f82970347c4258ac8d1318695800dad66161bddbeb9db14ab8
- SSDEEP
  
  24576:2jUSo9VvR8DaHpqXwyevV4hDWoKOH7TmpiOEwXaozYxYc:2jUSk6aHpqXC4hDWkH7TmYOA1
Score

7^/10
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff/Wondershare UniConverter 14.1.6.107 (x64) Multilingual/Wondershare hosts blocker.bat
- Size
  
  5KB
- MD5
  
  1badb991805bba70d8cf2961df21a758
- SHA1
  
  ec15fdc9b882ab0c10e6084d41eb33c031479281
- SHA256
  
  e7abe9cba625863dc43d9aa7c12f4a422d59bdb60cee67904d54b122365af89d
- SHA512
  
  6caaca7aa7ef76b6128424fa3a9bda97b57fbcc79d5fcbeba6819e81608a91653b831d12d62fc3492fb8306abcc07fe9f9fc37dd9e92b6187a73f50796a0dc29
- SSDEEP
  
  96:iGXNE4YsQvMyHMIoMrmKYg8Kx84Lm6E47bBZUImpog8iyK03AYt0sOeg0KGa25vJ:ip4YsQv9HvoQmKYg8Kx84Lm6E4frUIsk
Score

8^/10

discovery exploit
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
behavioral13 behavioral14
- Target
  
  Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff/Wondershare UniConverter 14.1.6.107 (x64) Multilingual/uniconverter14_64bit_full14204.exe
- Size
  
  218.3MB
- MD5
  
  74f0148fc42dee4b28d1e6dce1307e2b
- SHA1
  
  bf1f0c55985921c2eecdd73f058b5065331a62ea
- SHA256
  
  0dde78e569310a7a39333495c02c62c5e1aa53534d478ef273d5fde4958a5a58
- SHA512
  
  09e39cab379e8358bcad51cf10cfb2a6f6384a741e25907c756503324adb078c8417b00bd4bc68656608cf81b38fe2e8bb48df858a477e997f1f7500a3d59ef3
- SSDEEP
  
  6291456:nXDORmOgaMLERcA3J1uK4I16pA+xK5pWM7EfaDRYBc3:XDAmOgDDA3J1uKXx+xyWQoaDF3
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

discoveryexploit

behavioral14

discoveryexploit

behavioral15

behavioral16