63ff7f699ccb77d08b4d31b6c90627cf78c2c269e5ba51d6657d4baeacee7951

Sharing

Copy URL

Twitter E-mail

General

Target

WinSetView-main.zip
Size

1.0MB
Sample

230707-y8zvlabd96
MD5

43ad0882bdd68c17faa10b399666648e
SHA1

b61ab9c82ee6d31ca79576f60da3a970d5c30578
SHA256

63ff7f699ccb77d08b4d31b6c90627cf78c2c269e5ba51d6657d4baeacee7951
SHA512

f6e9106f12a09e9c29fa0df5eae0da5e61165badc8959b423c9dbec355ae7bee7124f74ce381508ea6a799af23853ec255c4e890a1e7eedfe1207012ec961ea0
SSDEEP

12288:D3nr9jlBhvaGUBDKIInkxRmyR8KKi0lfL8355jjQR+7570GcafLxEwEOhchNeLEO:DrVlBYoYFN0VATvQu0YGvc6oIGgY

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  WinSetView-main/AppData/Win10-Example.ini
- Size
  
  14KB
- MD5
  
  81e145120110f33443c2ad239fd7f337
- SHA1
  
  75db790ae7ca9d576b37741ca6ae5885776b66ef
- SHA256
  
  b25fc0503069553c75a7e1adc240efd16a6f9087043fbe19bf563a19ab6c8e97
- SHA512
  
  d0c6ed4b2a6fcc94eac53d3493a0dd1d3fa32f913ee563d7f2a69bae8cd4d25892a423d1f198efbd04b771996e57e74448425ef94d36f6d16794c75c54fa6b62
- SSDEEP
  
  384:mZpZDZGZAZVZNZZZKZuZ8lJlXlvlvdCdWdbvdlshsosA2shP96P9RP9tZWZnUZnI:zg8V2
Score

1^/10
behavioral1
- Target
  
  WinSetView-main/AppData/Win10-Microsoft-Defaults.ini
- Size
  
  11KB
- MD5
  
  bb90470d36de116bbfd33157e4a1b758
- SHA1
  
  ac81a5569210d4e96e016f5b19395ed0e2004377
- SHA256
  
  4af0a740351393635185002535757fd671ca016123bab3fab35f05cbe2895e48
- SHA512
  
  6de13109661d58d182af1cbc2d52dd75d27e36b1daee8fe3c1a200985306fdb6953abdd14f6e84543d29b799611eabefc22de90c0fd4070f55f6feea93cda879
- SSDEEP
  
  192:MNVPyS4VFRbUVoaVuy5ybWytBSaCbDSPSe3vd7vdbrvdIvcVRwVbo6VRChxTYxLF:QVPyvVFRgVoaVuy5yKytBSaCXSPSuF7i
Score

1^/10
behavioral2
- Target
  
  WinSetView-main/AppData/Win10.ini
- Size
  
  7KB
- MD5
  
  8d19042a42fa997c68a3107e34c21e4c
- SHA1
  
  ae7a0ab249d320cb7e12b9669c8f319b5db53929
- SHA256
  
  8623aca285db6e56a49867e2901cbff098dedeb988eadf4c6d11231754077ffb
- SHA512
  
  6d7c79943d33c6838001b6a39cd9c82cf5528ec52d0f645605871f2f2f9afa11cac32a48c123a408e9c295ddfcdf909f992abf12ca625787bd233ee1bcb60231
- SSDEEP
  
  192:mvPBvDvGvbUvo2vNv5vbWvOvjvJvbDvPve3v0vbkvUvRUvRzvboNvRGvyv/evdvl:mvPBvDvGvgvo2vNv5vKvOvjvJvXvPvCV
Score

1^/10
behavioral3
- Target
  
  WinSetView-main/Tools/CaptureCustom.vbs
- Size
  
  2KB
- MD5
  
  4681c9a5aad5f50d24ebeb1582a0ebe8
- SHA1
  
  1efa872cc4c906d2f71c3f0507fd504e52703c3c
- SHA256
  
  989daadf9490587be71d934526c86777b3efeafdcc2f0ee3a5941648c2667d27
- SHA512
  
  2e5f1a9dff79406e1bc0cc8d245184863d8d7d90c0211bca745eb9a0697f1fc10401fce4e661a14012b7c41c405f002a6e9cfa9567b53bbc040b6f6aed035332
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral4
- Target
  
  WinSetView-main/Tools/WinSetBak.cmd
- Size
  
  4KB
- MD5
  
  050c3a4f7af319080e7757cd4d2e1565
- SHA1
  
  981e6aa6f8456b5dea79dae29660907a4205576e
- SHA256
  
  bddfcf49982865cd780ae877ef9fd2c7e67b9de653f6ff107709269e8d914cd1
- SHA512
  
  9be7b63e48ef977d1769f079d78e88060eea058cdad130dbc590146b2c3a8c09f2f59551641700897c78349ec3207bb1b56bb178a7f6f5cacc586ad28c665d04
- SSDEEP
  
  96:MRjT7Oxdvmxyk5ds5GsO1UoUefYpCiqcxUXK9obuRzgVCPBRkBh/:MRzyjgOxUXK9obuRzgVCPnu/
Score

1^/10
behavioral5
- Target
  
  WinSetView-main/Tools/WinSetBak.ps1
- Size
  
  5KB
- MD5
  
  7bae087bc6adf05b42e7de4f35c4955f
- SHA1
  
  04d56b4c19df0f7f5bdd10e3fe585d4fb20ce64c
- SHA256
  
  fc42caaa6c9396734fdbbde8b991b758a5f7fff4040e0d7de7483061dca1c627
- SHA512
  
  aedd9a318a5900d163124af533a81d71be4b485572d603969de2f0f65b3c45d5b3be35b9c99d66e1ef0b8ec8e26f7343dc97c40ed5257e9f088208db6fd343d1
- SSDEEP
  
  96:2s2UKuHUMJQxus+m/7lu9iuvVwAdA5p58lO1KLtqZSQ1mqjVaIeqf0xBL8:2sJSush/7lu9iuWRFRavqL
Score

1^/10
behavioral6
- Target
  
  WinSetView-main/Tools/WinSetView.vbs
- Size
  
  820B
- MD5
  
  f44e5a1d8d274ce90efee96b5ac4f370
- SHA1
  
  ff7f6c35d462bac6c432f5feb2fe02e1c7490406
- SHA256
  
  74b40cf1881823b2dce8d9a7cd295443735ff6fb51782b9aa9a97ef7b905ecfd
- SHA512
  
  2536626d88c64bc998d34cddaf039603dc1cf11042e01f920983da500506e1b8e468c31b62f38f1464f0e04b5fb531d6fadc14372ca8a0ecb6c345996bdfb009
Score

1^/10
behavioral7
- Target
  
  WinSetView-main/WinSetView.exe
- Size
  
  595KB
- MD5
  
  1c1d27ef7cf9da94368b292ef041c806
- SHA1
  
  00d1059055ae0af9abc3d830ddf7071878bb70aa
- SHA256
  
  e513cc14c0077b9b6b0ad84718682ec1caee4aeb6e55ca063eec5fbdc6ea2bf7
- SHA512
  
  c50b61e0090f86f6eea5b0f52dfc19ec4800ec2625bd2b2a86a273cf4b1aeeba934ad0b1b4651abb9704b24d2290ab0566656968b89a4ef5c9fe1d686569f0e9
- SSDEEP
  
  12288:cydX1iNiv+ESGJ9teoeMKIW/UslACzriP:ccXENiv6GJDeD+SnlfiP
Score

10^/10

evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies Installed Components in the registry
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral8
- Target
  
  WinSetView-main/WinSetView.ps1
- Size
  
  18KB
- MD5
  
  bb990110e5e561a8703fc6967085c9ed
- SHA1
  
  0ddfb599074370286c74dc1ab50fa2873305e06d
- SHA256
  
  daf74ad9235867f5e3b4a3c656652596114557846772f6a3cc76ed939b2104b7
- SHA512
  
  39dda8bc602c888154260f25ae61651ff7a38ca9fea7dce4da2de001e363beb121825c4d72de9ffcb49c2b00c27e0d0dfc06f17d7e5ee02b2ec088981fb55ac5
- SSDEEP
  
  384:NBvxHMU99VdiOo5SBapEjetaPYKbhKk5wSj7SUSrvRfmuOclbjDtfUQ:Pr9VdiOo5SBapEjetaPYKbhKk5VjuRrx
Score

1^/10
behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Modifies visibility of file extensions in Explorer

Modifies Installed Components in the registry

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9