35c91f63fa6179ffcd6def655a2fc07e38ac7145a355c2077fac1b3c19ff6a87 | Triage

Sharing

General

Target

WeChatBackup.exe
Size

4.6MB
Sample

230419-jtj39sba51
MD5

f81556b4227fcbbec8dc7bf92c829c51
SHA1

8b3101ea19f929b5e9d90efc0c7693962fa33fa3
SHA256

35c91f63fa6179ffcd6def655a2fc07e38ac7145a355c2077fac1b3c19ff6a87
SHA512

ba18ddb9ada8e39e37411c28824dc2b4f253224cb63517f5092edc0208e43fdaa82a867d6b24a6b71a4b0c374aebdf17a9920f6cc20b92028b1cda0730a09701
SSDEEP

98304:gFZocjOYCIossQIyn2mz/AqrKHUzJbE6UE4LqCk1n+hAcTOGa672e97OLG:5cjOY9os7rz4qrKHUzJblg21nkAzGaaN

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  WeChatBackup.exe
- Size
  
  4.6MB
- MD5
  
  f81556b4227fcbbec8dc7bf92c829c51
- SHA1
  
  8b3101ea19f929b5e9d90efc0c7693962fa33fa3
- SHA256
  
  35c91f63fa6179ffcd6def655a2fc07e38ac7145a355c2077fac1b3c19ff6a87
- SHA512
  
  ba18ddb9ada8e39e37411c28824dc2b4f253224cb63517f5092edc0208e43fdaa82a867d6b24a6b71a4b0c374aebdf17a9920f6cc20b92028b1cda0730a09701
- SSDEEP
  
  98304:gFZocjOYCIossQIyn2mz/AqrKHUzJbE6UE4LqCk1n+hAcTOGa672e97OLG:5cjOY9os7rz4qrKHUzJblg21nkAzGaaN
Score

8^/10

evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1