Overview

overview

10

Static

static

5

Patch/wfil...co.exe

windows7-x64

10

WFV1306050...46.exe

windows7-x64

10

WFV1306050...rg.url

windows7-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WFV130605095MIPX64.rar

  • Size

    542.8MB

  • Sample

    240212-v8pg3scc68

  • MD5

    5187fbd45056a1027c2eeb7fd0eb03a4

  • SHA1

    b362ef5d9fe0cebd87fb2bbff6ae4a21b7053fe4

  • SHA256

    3a2a5e920e52942b0f9423a94db0a9ad48a96549ed7d04b6526f9d1ed243df2f

  • SHA512

    35315d7fa84293503e9b5939c0b92baeed94941c472cb3a8d12474cc2d426a81bebf16d87444070e0eec04725df10f7be32eecf3b4561b363a1b8a2d7017aab8

  • SSDEEP

    12582912:3w2wq/xu7iRW8I8uJdG1IUSx4TQspQpnOUUCGuj:3R/U2RXI8uj4TkIUBGuj

Score
10/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      Patch/wfilmorav13060-zmco.exe

    • Size

      41.2MB

    • MD5

      56fd172551e6e3d2a9d38974ebcbc26c

    • SHA1

      36c1eda497a99497c72efe0cd3b5546630add886

    • SHA256

      2ffd6cd0d6565c6641026fe321e56df0404a079585a2f7d826ac54977dae8cc0

    • SHA512

      f057eba80a5645f43f9b9a0743ef7d7158779f7ed3c0a42bc69101d7d153510f6a07a2d99cccf1a5b975d3caf742f8a1fcf6bde7cecfe2ee4b129d450e9070d2

    • SSDEEP

      786432:zxX+2eOjyJr5FHScfsDEqiovZXGBKE85MmrHIb2XJgdnGWY7L:zB+NJjDgEqRh2YEIr0uJgBGn

    Score
    10/10
    evasionpersistenceupx

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Modifies Installed Components in the registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    behavioral1

    • Target

      WFV130605095MIPX64/Wondershare.Filmora.v13.0.60.5095.Multilingual.Incl.Patch-x64/filmora_64bit_13.0.60_full846.exe

    • Size

      507.0MB

    • MD5

      63599a8b1b370b25cd14fbe9c25800fa

    • SHA1

      24bbaaf356a3c10b4145a6595bb5065063e89a79

    • SHA256

      0c0a1fcf1cd8bb26186f4c859094f616b1b35ffdfa8db4c3fcdffe29a02d68ba

    • SHA512

      f67785d8f2ddbe9fee97b1b374d1051fb6e23df12a3490d47c80234cbca1654dc9fa99929a5f9c67408cc58050bcf0bc7b100a225ab792f12d64f08172586e4a

    • SSDEEP

      12582912:53Ms0X3yYGTI/NNKlA3qBuS4QaT5d2CVd+vh4Z8ph3DS8dYXXmig60c:5crytM/Nsl8uuSs5sCVwvhrzzfYHmiga

    Score
    10/10
    evasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Modifies Installed Components in the registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral2

    • Target

      WFV130605095MIPX64/Wondershare.Filmora.v13.0.60.5095.Multilingual.Incl.Patch-x64/www.intercambiosvirtuales.org.url

    • Size

      126B

    • MD5

      56db27f7852cc08a66867a6082250087

    • SHA1

      2a130944216bbbbf92aca819f7bc51d47f43bbe2

    • SHA256

      5f52e29f37dd34bd65227a667983f3312904ea99937a64245334816cf0e8c515

    • SHA512

      d1e01d987e07d18ddbd9a5cede45b775bb89d648916987a786465387ba96f53fbfd53f67995d803ca2900f606f387396b5783da0440cd1302ceb37ed74b43e0e

    Score
    6/10
    evasiontrojan
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks