General

  • Target

    ORDER-ZWL 0736449574 ZWL0106245448.gz

  • Size

    695KB

  • Sample

    230209-qh6apadb7x

  • MD5

    e761e8b3646ccc084ed533c407671083

  • SHA1

    002f76096f7e26c53fcebc362a9d4ec93de90fac

  • SHA256

    6b60dd70bf55a384960f59186c966024419c766d6f973013849bbfd56ece32e0

  • SHA512

    91e364d00adbffb96bfd233927ba9940666b515c7e99a080e6e1b48332a012804246fe0056609f36879b34f5181bf06bb693ce6101d017ba6f5587e5e786bba0

  • SSDEEP

    12288:NH+aK7ugfoHfPuQyTqVONH+B7yPYLr+o9J1CfOIQ8mZjoV2B/hSsvRaOU16e4:NHADCycONH+B7sgr+o9+Q8mZ0gBEsvIM

Score
8/10

Malware Config

Targets

    • Target

      ORDER-ZWL 0736449574 ZWL0106245448.exe

    • Size

      847KB

    • MD5

      4e24c3cc0229d67159a96f9ece6b5230

    • SHA1

      f36607ab16280da8e1b0d5e19480bbbdbfbe08f6

    • SHA256

      1beedf169fbe9c1228d77e5f3b8d4117d592e7d98e57c2cf7888f042b031b243

    • SHA512

      8c600dee529055d0f22a08b357061b4fcb0a1849f6b7547a60d77d1dcc00d863bd9c6db1841d578549776bccfc7b4a04fa1145b91f1166ac233a4c776a03b63b

    • SSDEEP

      24576:9HCtn9BoO/NhSQlQXDmkyuOTH+BXec78o9+Q8Afiez4OvQa:6BKLD9eA79TODg

    Score
    8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks