General
Target: WFV130605095MIPX64.rar
Size: 542.8MB
Sample: 240212-v8pg3scc68
MD5: 5187fbd45056a1027c2eeb7fd0eb03a4
SHA1: b362ef5d9fe0cebd87fb2bbff6ae4a21b7053fe4
SHA256: 3a2a5e920e52942b0f9423a94db0a9ad48a96549ed7d04b6526f9d1ed243df2f
SHA512: 35315d7fa84293503e9b5939c0b92baeed94941c472cb3a8d12474cc2d426a81bebf16d87444070e0eec04725df10f7be32eecf3b4561b363a1b8a2d7017aab8
SSDEEP: 12582912:3w2wq/xu7iRW8I8uJdG1IUSx4TQspQpnOUUCGuj:3R/U2RXI8uj4TkIUBGuj
Static task: static1
Behavioral task: behavioral1
  Sample: Patch/wfilmorav13060-zmco.exe
  Resource: win7-20231215-es
Behavioral task: behavioral2
  Sample: WFV130605095MIPX64/Wondershare.Filmora.v13.0.60.5095.Multilingual.Incl.Patch-x64/filmora_64bit_13.0.60_full846.exe
  Resource: win7-20231215-es
Malware Config
Targets
-
Target: Patch/wfilmorav13060-zmco.exe
Size: 41.2MB
MD5: 56fd172551e6e3d2a9d38974ebcbc26c
SHA1: 36c1eda497a99497c72efe0cd3b5546630add886
SHA256: 2ffd6cd0d6565c6641026fe321e56df0404a079585a2f7d826ac54977dae8cc0
SHA512: f057eba80a5645f43f9b9a0743ef7d7158779f7ed3c0a42bc69101d7d153510f6a07a2d99cccf1a5b975d3caf742f8a1fcf6bde7cecfe2ee4b129d450e9070d2
SSDEEP: 786432:zxX+2eOjyJr5FHScfsDEqiovZXGBKE85MmrHIb2XJgdnGWY7L:zB+NJjDgEqRh2YEIr0uJgBGn
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable (AutoIT scripts compiled to PE executables.)
-
Target: WFV130605095MIPX64/Wondershare.Filmora.v13.0.60.5095.Multilingual.Incl.Patch-x64/filmora_64bit_13.0.60_full846.exe
Size: 507.0MB
MD5: 63599a8b1b370b25cd14fbe9c25800fa
SHA1: 24bbaaf356a3c10b4145a6595bb5065063e89a79
SHA256: 0c0a1fcf1cd8bb26186f4c859094f616b1b35ffdfa8db4c3fcdffe29a02d68ba
SHA512: f67785d8f2ddbe9fee97b1b374d1051fb6e23df12a3490d47c80234cbca1654dc9fa99929a5f9c67408cc58050bcf0bc7b100a225ab792f12d64f08172586e4a
SSDEEP: 12582912:53Ms0X3yYGTI/NNKlA3qBuS4QaT5d2CVd+vh4Z8ph3DS8dYXXmig60c:5crytM/Nsl8uuSs5sCVwvhrzzfYHmiga
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
Target: WFV130605095MIPX64/Wondershare.Filmora.v13.0.60.5095.Multilingual.Incl.Patch-x64/www.intercambiosvirtuales.org.url
Size: 126B
MD5: 56db27f7852cc08a66867a6082250087
SHA1: 2a130944216bbbbf92aca819f7bc51d47f43bbe2
SHA256: 5f52e29f37dd34bd65227a667983f3312904ea99937a64245334816cf0e8c515
SHA512: d1e01d987e07d18ddbd9a5cede45b775bb89d648916987a786465387ba96f53fbfd53f67995d803ca2900f606f387396b5783da0440cd1302ceb37ed74b43e0e
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)