Analysis
-
max time kernel
137s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
23-01-2024 14:27
Behavioral task
behavioral1
Sample
WayrRona.exe
Resource
win7-20231215-en
General
-
Target
WayrRona.exe
-
Size
2.2MB
-
MD5
de62ef5a6148d43c21d7150e9b51e645
-
SHA1
60ef71b46d8cfbab8f8acdccecb6162f2c634d24
-
SHA256
9416c3ca4bf12259401fe36bd7460ad2363ebd1842b08ffb518943dc885fadfe
-
SHA512
2d1dc3f52b1a72569628efa550a31343365e28d17dfbae656a5b2e7fc3e6868e10388d2985cca4b3331fab5718860f582feb0394949a94472e296a52a286db2d
-
SSDEEP
24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtu:PBozBdhEV7q8bOQnIFWY+3Je0wG
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 13 ipinfo.io -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_GB_{fb5addde-a159-11ee-aa24-806e6f6e6963}_mYT518WjDq.zipFilesize
2.4MB
MD5d4274bae003a86979cc99555c264c03b
SHA1e9fccc52d23ccd13ad4213f240b7926823ce0105
SHA25609a779c4a06dcd1a8a18c96eab9fe482b3760cdcfb32e01a54b21a0e17f7f7e2
SHA512d9eec60375111c11d9422d4a19f1abe508b713779265f5af665a04f3f674b3269d2c24c544d4991d86e5a84a2e9910fd98b7fd51179ea6a72f6722bf8ff01482