General

  • Target

    Wise Care 365 Pro 6.1.1.595.rar

  • Size

    14.9MB

  • Sample

    240225-sra71sfd6s

  • MD5

    34a2a950f472a08960c976d26b704783

  • SHA1

    f5071f62bdb1a3eea56cd4c3a0e6504fc5cda71a

  • SHA256

    4b8a4d1c824d2f3e1538403b98a48081d86f125d1181cde50c445220e62dfdf6

  • SHA512

    a60de2c7b9425fd803fec6f9bc682ec7c2998827c7b54a2dd55a51da2a7472d2d4818c25df6716d9f106d111d0c4e9a39725bc625201a6c5f6430be0f45c94eb

  • SSDEEP

    196608:4Y2UmiVVRLZv+Deq9SNCB6A0rml2Df2ywWi83/hyMWr3q4JPsS42PYjcay7urOtk:RxFVvDrEI2mhyMe3iSG0rBWW9nr2YtA9

Malware Config

Targets

    • Target

      Wise Care 365 Pro 6.1.1.595/Wise.Care.365.Pro-6.1.1.595.exe

    • Size

      15.0MB

    • MD5

      60c73be5e7d64a3e47fe5b1dcf176df5

    • SHA1

      52856a024ec8a204be76a2fa017518cd00c9cf28

    • SHA256

      f0f5f27156a91529cbdf08d93be8b2d6a23ce6060963fbc4dade4857754a364d

    • SHA512

      0475aa1bcc58cc7cb5522e5f4cd93f24aabe47aff2492b10be603922df6fb25b9668c106b95fb4140f00a1ff91504775d1673f6851c8c7678f02f4222dbc21f4

    • SSDEEP

      393216:I//smnrkKvE/9+NcMcqo3a84r4UHA92+yKiSGfyhjLLs1ROL1:IfrU/9EcMZ8aCUHg1/iSiyhPg1E

    • Modifies firewall policy service

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks